General discussion

Locked

Account Lockout GPO is not working on 64-bit Windows 7

By larry07960 ·
Hi All,

I am trying to configure the default domain policy with Account Lockout settings (Lockout for 1 minute after 2 tries.) After deploying the GPO, none of the Windows 7 clients and most of the Vista clients are not working.

After changing Account Lockout policy, I performed gpupdate /force on all DCs, and all updates are successful. I performed gpupdate /force on all clients, and shutdown the PCs twice. But Windows 7 default account lockout policy (5 tries and lockout for 3 minutes, I think, is still in effect.)

On every Windows 7 and Windows Vista machines, GPRESULT /H clearly shows the default domain policy is applied with correct account lockout settings. (Techrepublic doesn't allow uploading screeshots.)

Following is my domain structure:
Site 1:
PDC: Windows Server 2008 R2
DC: Windows Server 2008 R2

Site 2:
DC: Windows Server 2003 R2 64-bit

Site 3:
DC: Windows Server 2008 32-bit

Following is copied from gpresult /V from one of Windows 7 Client:


Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 3/5/2011 at 4:12:07 PM


RSOP data for domain10\wongw on YEMEN : Logging Mode
-------------------------------------------------------

OS Configuration: Member Workstation
OS Version: 6.1.7601
Site Name: Default-First-Site-Name
Roaming Profile: N/A
Local Profile: C:\Users\wongw
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
CN=YEMEN,CN=Computers,DC=domain10,DC=com
Last time Group Policy was applied: 3/5/2011 at 3:24:13 PM
Group Policy was applied from: PDC.domain10.com
Group Policy slow link threshold: 500 kbps
Domain Name: domain10
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
YEMEN$
Domain Computers
System Mandatory Level

Resultant Set Of Policies for Computer
---------------------------------------

Software Installations
----------------------
N/A

Startup Scripts
---------------
N/A

Shutdown Scripts
----------------
N/A

Account Policies
----------------
GPO: Default Domain Policy
Policy: LockoutDuration
Computer Setting: 1

GPO: Default Domain Policy
Policy: MaximumPasswordAge
Computer Setting: 42

GPO: Default Domain Policy
Policy: MinimumPasswordAge
Computer Setting: 1

GPO: Default Domain Policy
Policy: ResetLockoutCount
Computer Setting: 1

GPO: Default Domain Policy
Policy: LockoutBadCount
Computer Setting: 2

GPO: Default Domain Policy
Policy: PasswordHistorySize
Computer Setting: N/A

GPO: Default Domain Policy
Policy: MinimumPasswordLength
Computer Setting: 7

Audit Policy
------------
N/A

User Rights
-----------
N/A

Security Options
----------------
GPO: Default Domain Policy
Policy: PasswordComplexity
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: ClearTextPassword
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: ForceLogoffWhenHourExpire
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: RequireLogonToChangePassword
Computer Setting: Not Enabled

N/A

Event Log Settings
------------------
N/A

Restricted Groups
-----------------
N/A

System Services
---------------
N/A

Registry Settings
-----------------
N/A

File System Settings
--------------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
N/A


USER SETTINGS
--------------
CN=wongw,OU=New York Office,DC=domain10,DC=com
Last time Group Policy was applied: 3/5/2011 at 3:37:07 PM
Group Policy was applied from: PDC.domain10.com
Group Policy slow link threshold: 500 kbps
Domain Name: domain10
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
BUILTIN\Users
BUILTIN\Administrators
Remote Desktop Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
GRP_Send_As_Chank
GRP_WKSADMIN
GRP_Access_Chank_Mailbox
Staffs
All_Staffs
High Mandatory Level

The user has the following security privileges
----------------------------------------------

Bypass traverse checking
Shut down the system
Remove computer from docking station
Increase a process working set
Change the time zone
Manage auditing and security log
Back up files and directories
Restore files and directories
Change the system time
Force shutdown from a remote system
Take ownership of files or other objects
Debug programs
Modify firmware environment values
Profile system performance
Profile single process
Increase scheduling priority
Load and unload device drivers
Create a pagefile
Adjust memory quotas for a process
Perform volume maintenance tasks
Impersonate a client after authentication
Create global objects
Create symbolic links

Resultant Set Of Policies for User
-----------------------------------

Software Installations
----------------------
N/A

Logon Scripts
-------------
N/A

Logoff Scripts
--------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
N/A

Folder Redirection
------------------
N/A

Internet Explorer Browser User Interface
----------------------------------------
N/A

Internet Explorer Connection
----------------------------
N/A

Internet Explorer URLs
----------------------
N/A

Internet Explorer Security
--------------------------
N/A

Internet Explorer Programs
--------------------------
N/A


Any help is greatly appreciated.

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Please re-post in Q&A

by seanferd In reply to Account Lockout GPO is no ...

Try reposting this in the 'Q&A' forum. The 'Discussion' forum is for matters of general discussion, not specific problems in search of a solution. The 'Water Cooler' is for non-technical discussions. You can submit a question to 'Q&A' here:

http://www.techrepublic.com/forum/questions/post?tag=mantle_skin;content

There are TR members who specifically seek out problems in need of a solution. Although there is some overlap between the forums, you'll find more of those members in 'Q&A' than in 'Discussions' or 'Water Cooler'.

Be sure to use the voting buttons to provide your feedback. Voting a '+' does not necessarily mean that a given response contained the complete solution to your problem, but that it served to guide you toward it. This is intended to serve as an aid to those who may in the future have a problem similar to yours. If they have a ready source of reference available, perhaps won't need to repeat questions previously asked and answered. If a post did contain the solution to your problem, you can also close the question by marking the helpful post as "The Answer".

Back to Networks Forum
1 total post (Page 1 of 1)  

Hardware Forums