Discussion:
Users can log on after account is locked out
(too old to reply)
pete0085
2010-06-25 16:45:25 UTC
Permalink
I am having problems figuring this out.

If a user enters the wrong password 3 times, they are locked out and
displays a message. If they enter the correct password the next time, it
allows them to log on to the computer, but their account is locked out and
have no access to the network.

Why does it allow them to do this? Should it not display a message you are
locked out and not allow you to log on at all?

The DC is Windows 2003 standard and all of the workstations are XP Prof.


Thanks.
Meinolf Weber [MVP-DS]
2010-06-26 09:44:18 UTC
Permalink
Hello pete0085,

How are the GPO settings configured in the policy on domain level for account
lockout, please post them here?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by pete0085
I am having problems figuring this out.
If a user enters the wrong password 3 times, they are locked out and
displays a message. If they enter the correct password the next time,
it allows them to log on to the computer, but their account is locked
out and have no access to the network.
Why does it allow them to do this? Should it not display a message
you are locked out and not allow you to log on at all?
The DC is Windows 2003 standard and all of the workstations are XP Prof.
Thanks.
pete0085
2010-06-28 19:27:38 UTC
Permalink
Account lockout duration: 0

Account lockout threshold: 3

Reset Account Lockout: 30 minutes

The thing that concerns me is you are allowed to access the computer even if
you don't have access to outlook or any shared network resources. The
account will be locked out, but don't believe they should be able to
sucessfully logon to windows even if they enter the correct password the 4th
attempt.
Post by Meinolf Weber [MVP-DS]
Hello pete0085,
How are the GPO settings configured in the policy on domain level for account
lockout, please post them here?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by pete0085
I am having problems figuring this out.
If a user enters the wrong password 3 times, they are locked out and
displays a message. If they enter the correct password the next time,
it allows them to log on to the computer, but their account is locked
out and have no access to the network.
Why does it allow them to do this? Should it not display a message
you are locked out and not allow you to log on at all?
The DC is Windows 2003 standard and all of the workstations are XP Prof.
Thanks.
.
Meinolf Weber [MVP-DS]
2010-06-29 05:58:48 UTC
Permalink
Hello pete0085,

When using the "Account lockout threshold" you have also to define the "Account
lockout duration", it must be greater than or equal to the "Reset Account
lockout counter after" time.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by pete0085
Account lockout duration: 0
Account lockout threshold: 3
Reset Account Lockout: 30 minutes
The thing that concerns me is you are allowed to access the computer
even if you don't have access to outlook or any shared network
resources. The account will be locked out, but don't believe they
should be able to sucessfully logon to windows even if they enter the
correct password the 4th attempt.
Post by Meinolf Weber [MVP-DS]
Hello pete0085,
How are the GPO settings configured in the policy on domain level for
account lockout, please post them here?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by pete0085
I am having problems figuring this out.
If a user enters the wrong password 3 times, they are locked out and
displays a message. If they enter the correct password the next
time, it allows them to log on to the computer, but their account is
locked out and have no access to the network.
Why does it allow them to do this? Should it not display a message
you are locked out and not allow you to log on at all?
The DC is Windows 2003 standard and all of the workstations are XP Prof.
Thanks.
.
Loading...