Account Lockout GPO is not working on 64-bit Windows 7
Hi All,
I am trying to configure the default domain policy with Account Lockout settings (Lockout for 1 minute after 2 tries.) After deploying the GPO, none of the Windows 7 clients and most of the Vista clients are not working.
After changing Account Lockout policy, I performed gpupdate /force on all DCs, and all updates are successful. I performed gpupdate /force on all clients, and shut down the PCs twice. But Windows 7 default account lockout policy (5 tries and lockout for 3 minutes, I think) is still in effect.
On every Windows 7 and Windows Vista machine, GPRESULT /H clearly shows the default domain policy is applied with correct account lockout settings. (Techrepublic doesn't allow uploading screenshots.)
Following is my domain structure:

Site 1:
PDC: Windows Server 2008 R2
DC: Windows Server 2008 R2

Site 2:
DC: Windows Server 2003 R2 64-bit

Site 3:
DC: Windows Server 2008 32-bit

Following is copied from gpresult /V from one of the Windows 7 clients:

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 3/5/2011 at 4:12:07 PM

RSOP data for domain10\wongw on YEMEN : Logging Mode
----------------------------------------------------

OS Configuration: Member Workstation
OS Version: 6.1.7601
Site Name: Default-First-Site-Name
Roaming Profile: N/A
Local Profile: C:\Users\wongw
Connected over a slow link?: No

COMPUTER SETTINGS
-----------------
CN=YEMEN,CN=Computers,DC=domain10,DC=com
Last time Group Policy was applied: 3/5/2011 at 3:24:13 PM
Group Policy was applied from: PDC.domain10.com
Group Policy slow link threshold: 500 kbps
Domain Name: domain10
Domain Type: Windows 2000

Applied Group Policy Objects
----------------------------
Default Domain Policy

The following GPOs were not applied because they were filtered out
------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
YEMEN$
Domain Computers
System Mandatory Level

Resultant Set Of Policies for Computer
--------------------------------------

Software Installations
----------------------
N/A

Startup Scripts
---------------
N/A

Shutdown Scripts
----------------
N/A

Account Policies
----------------
GPO: Default Domain Policy
Policy: LockoutDuration
Computer Setting: 1

GPO: Default Domain Policy
Policy: MaximumPasswordAge
Computer Setting: 42

GPO: Default Domain Policy
Policy: MinimumPasswordAge
Computer Setting: 1

GPO: Default Domain Policy
Policy: ResetLockoutCount
Computer Setting: 1

GPO: Default Domain Policy
Policy: LockoutBadCount
Computer Setting: 2

GPO: Default Domain Policy
Policy: PasswordHistorySize
Computer Setting: N/A

GPO: Default Domain Policy
Policy: MinimumPasswordLength
Computer Setting: 7

Audit Policy
------------
N/A

User Rights
-----------
N/A

Security Options
----------------
GPO: Default Domain Policy
Policy: PasswordComplexity
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: ClearTextPassword
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: ForceLogoffWhenHourExpire
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: RequireLogonToChangePassword
Computer Setting: Not Enabled

N/A

Event Log Settings
------------------
N/A

Restricted Groups
-----------------
N/A

System Services
---------------
N/A

Registry Settings
-----------------
N/A

File System Settings
--------------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
N/A

USER SETTINGS
-------------
CN=wongw,OU=New York Office,DC=domain10,DC=com
Last time Group Policy was applied: 3/5/2011 at 3:37:07 PM
Group Policy was applied from: PDC.domain10.com
Group Policy slow link threshold: 500 kbps
Domain Name: domain10
Domain Type: Windows 2000

Applied Group Policy Objects
----------------------------
Default Domain Policy

The following GPOs were not applied because they were filtered out
------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
BUILTIN\Administrators
Remote Desktop Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
GRP_Send_As_Chank
GRP_WKSADMIN
GRP_Access_Chank_Mailbox
Staffs
All_Staffs
High Mandatory Level

The user has the following security privileges
----------------------------------------------

Bypass traverse checking
Shut down the system
Remove computer from docking station
Increase a process working set
Change the time zone
Manage auditing and security log
Back up files and directories
Restore files and directories
Change the system time
Force shutdown from a remote system
Take ownership of files or other objects
Debug programs
Modify firmware environment values
Profile system performance
Profile single process
Increase scheduling priority
Load and unload device drivers
Create a pagefile
Adjust memory quotas for a process
Perform volume maintenance tasks
Impersonate a client after authentication
Create global objects
Create symbolic links

Resultant Set Of Policies for User
----------------------------------

Software Installations
----------------------
N/A

Logon Scripts
-------------
N/A

Logoff Scripts
--------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
N/A

Folder Redirection
------------------
N/A

Internet Explorer Browser User Interface
----------------------------------------
N/A

Internet Explorer Connection
----------------------------
N/A

Internet Explorer URLs
----------------------
N/A

Internet Explorer Security
--------------------------
N/A

Internet Explorer Programs
--------------------------
N/A

Any help is greatly appreciated.