Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

account lockout policy

Feb 13, 2014 12:15AM PST

Hi to all,

I have a Windows XP client and I want to configure user lockout after 3 failed attempts.

In the local policy, under the section "Account Lockout Policy", I configured the following parameters:

account lockout duration -> 0
account lockout threshold -> 3
reset account lockout counter after -> 30 minutes

With this configuration, if a user enters the wrong password 3 times, he is blocked until the administrator unblocks him.

But this configuration doesn't work; if a user enters the wrong password, he isn't blocked.

Why? How could I configure the user lockout?

Thanks

Does XP do this?
Feb 13, 2014 12:31AM PST

If not you'll have to add something. I see this in Windows NT, 2000, 2003, 7 but didn't find it in XP.

Bob

Re: account lockout
Feb 13, 2014 12:32AM PST
By the way. All this is too easy to get around.
Feb 13, 2014 12:41AM PST

Google NTPASSWD among other ways. This is not secure in any way. Nice idea but don't count on it.
Bob

configuration works only for local user
Feb 13, 2014 6:51PM PST

Hi,

The configuration for lockout that I implemented works fine for local users of the client, but doesn't work for the domain users; my client is part of a domain.

Why?

The local policy would be applied to both local and domain users without any difference, or am I wrong?

Seems you're wrong.
Feb 13, 2014 8:45PM PST

I might even say: you've proven it. Good job.

Now see if you can implement a comparable restriction in the server or in another part of the registry. Microsoft should know. They made it. Just phone and ask.

Kees

Think about that for a second
Feb 13, 2014 10:06PM PST

Think about that for a second... What would be the point of a domain, which is primarily aimed at providing a centralized system for managing large numbers of computers, if it can be overridden by any random nutter who wants to go mucking about with the local policies? It would undermine the central purpose of software Microsoft sells for thousands of dollars, which wouldn't make much business sense, now would it?

Local users reside on the local computer, domain users don't, strictly speaking, reside on the local computer, they reside on the domain controller, which is the crux of your problem. You need to implement this change with the domain controller software.

Note: This post was edited by a forum moderator to remove personal attack on 02/15/2014 at 12:05 PM PT
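
The local-versus-domain split discussed in this thread can be checked from the client itself. The following is an added example, not part of the original thread: a PowerShell sketch that parses `net accounts` (local account policy) and `net accounts /domain` (policy held by the domain controller) and shows where the lockout settings differ. It assumes English-language command output; the function names and the sample values are constructed for illustration.

```powershell
# Added example (not from the thread). Assumes English `net accounts` labels.

function ConvertFrom-NetAccounts {
    param([string[]]$Lines)
    $policy = @{}
    foreach ($line in $Lines) {
        # Setting lines look like "Lockout threshold:        3"
        if ($line -match '^(?<name>.+?):\s{2,}(?<value>.+?)\s*$') {
            $policy[$Matches['name'].Trim()] = $Matches['value']
        }
    }
    return $policy
}

function Compare-LockoutPolicy {
    param([string[]]$LocalLines, [string[]]$DomainLines)
    $localPolicy  = ConvertFrom-NetAccounts $LocalLines
    $domainPolicy = ConvertFrom-NetAccounts $DomainLines
    $keys = 'Lockout threshold',
            'Lockout duration (minutes)',
            'Lockout observation window (minutes)'
    foreach ($key in $keys) {
        New-Object PSObject -Property @{
            Setting        = $key
            LocalAccounts  = $localPolicy[$key]
            DomainAccounts = $domainPolicy[$key]
            Differs        = ($localPolicy[$key] -ne $domainPolicy[$key])
        } | Select-Object Setting, LocalAccounts, DomainAccounts, Differs
    }
}

# Constructed sample output: lockout enabled locally, never set in the domain.
$sampleLocal = @(
    'Lockout threshold:                                    3',
    'Lockout duration (minutes):                           30',
    'Lockout observation window (minutes):                 30',
    'Computer role:                                        WORKSTATION'
)
$sampleDomain = @(
    'Lockout threshold:                                    Never',
    'Lockout duration (minutes):                           30',
    'Lockout observation window (minutes):                 30',
    'Computer role:                                        PRIMARY'
)

Compare-LockoutPolicy -LocalLines $sampleLocal -DomainLines $sampleDomain |
    Format-Table -AutoSize

# On a domain-joined client, pass the live output instead:
# Compare-LockoutPolicy -LocalLines (net accounts) -DomainLines (net accounts /domain)
```

A "Never" threshold in the domain column while the local column shows 3 matches the behaviour described above: local accounts lock out, domain accounts do not until the policy is changed on the domain side.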