Jump to content

Administrator account and lockout policy

Guest RayRogers

By Guest RayRogers
in Techno Babble

 Share

Recommended Posts

Guest RayRogers

Guest RayRogers

Posted
Posted

I have account lockout policy applied to the domain. I created an account

(not a default administrator account) which is member of domain admin, is

there a way to have this admin account exempt from this lockout policy?

Thanks!

  • Replies 2
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Dobromir Todorov

Guest Dobromir Todorov

Posted
Posted

Not before Windows 2008 - as there is a single domain password policy for

all users.

 

You can in Windows 2008 - see this link for more details:

http://technet.microsoft.com/en-us/magazin...echNet.10).aspx

 

--

---

HTH,

Dobromir

 

Learn more about Security and Identity Management:

Visit http://www.iamechanics.com

 

"RayRogers" <RayRogers@news.postalias> wrote in message

news:C4F80131-F580-4936-A781-BDA313B9748D@microsoft.com...<span style="color:blue">

>I have account lockout policy applied to the domain. I created an account

> (not a default administrator account) which is member of domain admin, is

> there a way to have this admin account exempt from this lockout policy?

> Thanks! </span>

Guest RayRogers

Guest RayRogers

Posted
Posted

Thank you very much for the info.

 

"Steve Riley [MSFT]" wrote:

<span style="color:blue">

> I'd encourage you not to use account lockout. I know that some of our

> published guidance recommends it, but that was written some time ago.

> Account lockout is expensive -- the average cost per call to a help desk is

> $70. Plus, it creates a situation in which an attacker can intentionally

> lock out some or all of your users -- a kind of denial of service attack. So

> long as you're using good (by that I mean long) passphrases, then you really

> don't need account lockout.

>

> --

> Steve Riley

> steve.riley@microsoft.com

> http://blogs.technet.com/steriley

> http://www.protectyourwindowsnetwork.com

>

>

>

> "RayRogers" <RayRogers@news.postalias> wrote in message

> news:C4F80131-F580-4936-A781-BDA313B9748D@microsoft.com...<span style="color:green">

> > I have account lockout policy applied to the domain. I created an account

> > (not a default administrator account) which is member of domain admin, is

> > there a way to have this admin account exempt from this lockout policy?

> > Thanks! </span>

> </span>

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...