Windows 2003 Server Question

[dannaswolcott]

I have set the domain policy to lock out accounts after 3 invalid login attempts. Well for some reason it does not work. Can anyone help me get account lockout working? Thanks in advance!

 

[brian]

are you sure that the policy is being pushed? you can do gpupdate /force to force a update

 

[DizzlyDood]

are you sure that the policy is being pushed? you can do gpupdate /force to force a update

Just to clarify, you do gpupdate /force in the cmd prompt of the client computers, not the server.

 

[dannaswolcott]

I have done that, No help.

 

[brian]

Ok, then what pollicy are you putting it as. It you made your own pollicy that is linked to a OU, then you need to create a sub OU and call it computers. Then go over the the computers OU (not the subfolder) and drag all the ones you want to be effected to the new OU. Then it should work

 

[dannaswolcott]

Ok, then what pollicy are you putting it as. It you made your own pollicy that is linked to a OU, then you need to create a sub OU and call it computers. Then go over the the computers OU (not the subfolder) and drag all the ones you want to be effected to the new OU. Then it should work

What do you mean by OU?

 

[DizzlyDood]

What do you mean by OU?

Organizational Unit in Active Directory. It's how you should be orgranizing which group policy effects which devices/users.

 

[tlarkin]

You have to create a container (or whatever MS calls it) that is either organized by group or by computer. If you have an inventory asset system then all your unique computer names should show up in AD. You then must create either a OU or a group and apply policy to said group. Creating a policy does nothing until you apply it to either a group or a machine specifically.

I recommend you apply to to groups, and use nested groups for ease of use. I don't work in an AD environment any more so my terminology may be a bit off. However, I am familiar with it.