Hi Team,
AD : Windows server 2008 R2
Users Count : 4000+ Users
In my domain, no account lockout policy in place - its set for 0 invalid attempts. For auditing and security reasons, need to apply account lockout policy in my domain.
So, to observer, i have implemented the lockout policy in the domain. But then, there are lot of users started complaining about the account lockout issue and my Help desk is filled with lockout tickets.
I think the majority of the issue is causing due to the saved passwords in the PCs. Then after this incident, i roll backed my changes.
Then, As per the Microsoft article , http://technet.microsoft.com/en-us/library/hh994574(v=ws.10).aspx . I
I have implemented the policy in my Domain for 50 invalid attempts.
And around 60% of the users are saying account is getting locked out. After this, i have revised the policy again.
Could any suggest how to address this issue.???
Also, i am upgrading my functional level to 2008 to at least excluded some service accounts from being locked. But that will not be the complete one.
Regards, Dj