We've implemented Account Logout policies in our Windows 2008 R2 domain with these settings
Lockout duration: 30 minutes
Lockout threshold: 15 invalid login attempts
Reset account lockout counter after: 30 minutes
We've turned on NETLOGON.log logging and are watching for any user problems. On a few users, we see over 300 attempted logins from a machine (0xC000006A Transitive Login attempt) over a 4 hour period. We're watching the account but it's not locking out. Are these types of login exempt from the Account Lockout policy?
Orange County District Attorney