Account Lockout policy problem

Toggle sidebar Toggle sidebar
B

Benny

Distinguished
Dec 31, 2007
44
0
18,530
Archived from groups: microsoft.public.win2000.security (More info?)

I implemented an account lockout policy (5 invalid logons) for the domain's
default policy. I noticed that users account on the domain always lockout. I
enabled auditing for account logon events and object access but no events are
logged when I look at security in event viewer. I decided to set the lockout
policy to 'not defined' but still users lock out. Does my system have a
security issue? How can I check and remedy this. I'm using windows 2000
server SP4 and is also a SQL 2000 server. Thanks for any help.
 
Archived from groups: microsoft.public.win2000.security (More info?)

First off I suggest you set the threshold to at least ten per Microsoft's
recommendations. Then enable auditing of "account logon events" and account
management in Domain Controller Security Policy. You can leave auditing enabled for
the domain but you will find most of the information in the domain controller
security logs though you should fine failed logons in the security log of the domain
computers for failed logons due to account lockouts. It is hard to say if you have a
security issue without knowing more. Generally large amounts of failed logons to
administrator account for the domain and local administrator accounts on domain
computers are a reason for concern and note those accounts can not be locked out by
default. See the links below and pay attention on how to use Event Comb to scan
multiple computers for specific events. --- Steve

http://www.microsoft.com/technet/security/guidance/secmod144.mspx
http://www.microsoft.com/technet/Security/topics/hardsys/tcg/tcgch02.mspx -- great
article on domain level policy recommendations.
http://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx -- Microsoft
security guidance for small businesses.


"Benny" <Benny@discussions.microsoft.com> wrote in message
news😀D37E97B-37CF-4807-8059-1AB17AE3CF02@microsoft.com...
>I implemented an account lockout policy (5 invalid logons) for the domain's
> default policy. I noticed that users account on the domain always lockout. I
> enabled auditing for account logon events and object access but no events are
> logged when I look at security in event viewer. I decided to set the lockout
> policy to 'not defined' but still users lock out. Does my system have a
> security issue? How can I check and remedy this. I'm using windows 2000
> server SP4 and is also a SQL 2000 server. Thanks for any help.
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom