Hi All,
I am trying to configure the default domain policy with Account Lockout settings (Lockout for 1 minute after 2 tries.) After deploying the GPO, none of the Windows 7 clients and most of the Vista clients are not working.
After changing Account Lockout policy, I performed gpupdate /force on all DCs, and all updates are successful. I performed gpupdate /force on all clients, and shutdown the PCs twice. But Windows 7 default account lockout policy (5 tries and lockout for 3 minutes, I think, is still in effect.)
On every Windows 7 and Windows Vista machines, GPRESULT /H clearly shows the default domain policy is applied with correct account lockout settings. (Techrepublic doesn’t allow uploading screeshots.)
Following is my domain structure:
Site 1:
PDC: Windows Server 2008 R2
DC: Windows Server 2008 R2
Site 2:
DC: Windows Server 2003 R2 64-bit
Site 3:
DC: Windows Server 2008 32-bit
Following is copied from gpresult /V from one of Windows 7 Client:
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 3/5/2011 at 4:12:07 PM
RSOP data for domain10\wongw on YEMEN : Logging Mode
——————————————————-
OS Configuration: Member Workstation
OS Version: 6.1.7601
Site Name: Default-First-Site-Name
Roaming Profile: N/A
Local Profile: C:\Users\wongw
Connected over a slow link?: No
COMPUTER SETTINGS
——————
CN=YEMEN,CN=Computers,DC=domain10,DC=com
Last time Group Policy was applied: 3/5/2011 at 3:24:13 PM
Group Policy was applied from: PDC.domain10.com
Group Policy slow link threshold: 500 kbps
Domain Name: domain10
Domain Type: Windows 2000
Applied Group Policy Objects
—————————–
Default Domain Policy
The following GPOs were not applied because they were filtered out
——————————————————————-
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups
——————————————————-
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
YEMEN$
Domain Computers
System Mandatory Level
Resultant Set Of Policies for Computer
—————————————
Software Installations
———————-
N/A
Startup Scripts
—————
N/A
Shutdown Scripts
—————-
N/A
Account Policies
—————-
GPO: Default Domain Policy
Policy: LockoutDuration
Computer Setting: 1
GPO: Default Domain Policy
Policy: MaximumPasswordAge
Computer Setting: 42
GPO: Default Domain Policy
Policy: MinimumPasswordAge
Computer Setting: 1
GPO: Default Domain Policy
Policy: ResetLockoutCount
Computer Setting: 1
GPO: Default Domain Policy
Policy: LockoutBadCount
Computer Setting: 2
GPO: Default Domain Policy
Policy: PasswordHistorySize
Computer Setting: N/A
GPO: Default Domain Policy
Policy: MinimumPasswordLength
Computer Setting: 7
Audit Policy
————
N/A
User Rights
———–
N/A
Security Options
—————-
GPO: Default Domain Policy
Policy: PasswordComplexity
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: ClearTextPassword
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: ForceLogoffWhenHourExpire
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: RequireLogonToChangePassword
Computer Setting: Not Enabled
N/A
Event Log Settings
——————
N/A
Restricted Groups
—————–
N/A
System Services
—————
N/A
Registry Settings
—————–
N/A
File System Settings
——————–
N/A
Public Key Policies
——————-
N/A
Administrative Templates
————————
N/A
USER SETTINGS
————–
CN=wongw,OU=New York Office,DC=domain10,DC=com
Last time Group Policy was applied: 3/5/2011 at 3:37:07 PM
Group Policy was applied from: PDC.domain10.com
Group Policy slow link threshold: 500 kbps
Domain Name: domain10
Domain Type: Windows 2000
Applied Group Policy Objects
—————————–
Default Domain Policy
The following GPOs were not applied because they were filtered out
——————————————————————-
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
—————————————————
Domain Users
Everyone
BUILTIN\Users
BUILTIN\Administrators
Remote Desktop Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
GRP_Send_As_Chank
GRP_WKSADMIN
GRP_Access_Chank_Mailbox
Staffs
All_Staffs
High Mandatory Level
The user has the following security privileges
———————————————-
Bypass traverse checking
Shut down the system
Remove computer from docking station
Increase a process working set
Change the time zone
Manage auditing and security log
Back up files and directories
Restore files and directories
Change the system time
Force shutdown from a remote system
Take ownership of files or other objects
Debug programs
Modify firmware environment values
Profile system performance
Profile single process
Increase scheduling priority
Load and unload device drivers
Create a pagefile
Adjust memory quotas for a process
Perform volume maintenance tasks
Impersonate a client after authentication
Create global objects
Create symbolic links
Resultant Set Of Policies for User
———————————–
Software Installations
———————-
N/A
Logon Scripts
————-
N/A
Logoff Scripts
————–
N/A
Public Key Policies
——————-
N/A
Administrative Templates
————————
N/A
Folder Redirection
——————
N/A
Internet Explorer Browser User Interface
—————————————-
N/A
Internet Explorer Connection
—————————-
N/A
Internet Explorer URLs
———————-
N/A
Internet Explorer Security
————————–
N/A
Internet Explorer Programs
————————–
N/A
Any help is greatly appreciated.
