Server 2012 Account Lockout Policy not Working

By Jason92s ·
I'm setting up a brand new 2012 server for our small (13 user) network.  I modified the default domain policy and set the lockout policy to lock the user out after 3 failed logins.  Then I deleted the lockout policy portion of the GPO and added a new GPO specifying the lockout policy for the OU.  I changed the threshold to 5 attempts and more time for the lockout duration, but my old settings are still applying.  If I check in Powershell it shows my old settings as what's being used.  BUT, if I run group policy results, it shows the updated settings.  For some reason it sees the old policy even though I deleted it. Any ideas?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Account Lockout

by arlingtonedwin In reply to Server 2012 Account Locko ...

Based on my research, you can use the below menttion lockoutstatus.exe tool. With this tool, you can see the "Bad Pwd Count" increase from 0 to 1 on the first bad login attempt. please checkout the following articles.

Account Lockout Status (LockoutStatus.exe)

AD DS: Fine-Grained Password Policies

and how to implement them, step by step

Here is another article for your reference

Related Discussions

Related Forums