All,
I have a Win2k3 domain and I have a domain policy which locks accounts after 5 incorrect logon attempts.
I have one user who I do not want to apply this policy to. In other words, the user can have 100 incorrect logon attempts, and the user account will not lock out.
I've already tried to set the user to DENY the domain account gpo in the GPO security settings, but the user still gets locked out after 5 incorrect attempts.
How do I go about excluding the user from the domain lockout policy?
Also, I read an article a while back which describes a new methodology with Domain Account settings, whereas if you have a longer password policy for phrases (like 20 character policy) where users can use phrases like "ilovemysonandmydog", then you can safely take off lockouts, or increase them from a small number like 5 to a large number like 100 ... thereby decreasing helpdesk costs, user inconvenience, etc.
Does anyone have articles or documentation supporting this?
Thanks in advance,
Systems Admin