Sunday, November 17, 2013

Small Business Server 2003 with Win7 client account lockout

I recently added a WIndows 7 Pro 64 bit client to an SBS 2003 AD domain.  After which, every time the Win7 client reboot/went into standby/screenlocked then the domain account would get locked out.

After several attempts I was able to rectify the issue by disabling SBS Account lockout policy...

Open Server Management.
  1. In the console tree, click Advanced Management, right-click Group Policy Management, and then click Add forest.
  2. In the Add forest dialog box, enter the domain name. When prompted Do you want to add this forest with this domain?, click Yes.
  3. In the console tree, under Group Policy Management, click Forest:forestname, click Domains, right-click Small Business Server (Account) Lockout Policy, and then click Edit.
  4. In Group Policy Object Editor, click Computer Configuration, click Windows Settings, and then click Security Settings.
  5. Under Security Settings, click Account Policies, and then click Account Lockout Policy.
  6. In the details pane, double-click each of the following policies, and modify settings as needed: Account lockout duration, Account lockout threshold, and Reset account lockout counter after.
  7. I SET ACCOUNT LOCKOUT THRESHOLD TO ZERO.
  8. Click Apply, click OK, and then close Group Policy Object Editor.
  9. Close Group Policy Management.
If you also need to disable Account audit... (I didn't have it set ) do the following...

  1. Open Server Management.
  2. In the console tree, click Advanced Management, right-click Group Policy Management, and then click Add forest.
  3. In the Add forest dialog box, enter the domain name. When prompted Do you want to add this forest with this domain?, click Yes.
  4. In the console tree, under Group Policy Management, click Forest:forestname, click Domains, right-click domainname, click Domain Controllers, right-click Small Business Server Auditing Policy, and then click Edit.
  5. In Group Policy Object Editor, click Computer Configuration, click Windows Settings, click Security Settings, and then click Local Policies.
  6. Under Security Settings, click Local Policies, and then click Audit Policy.
  7. In the details pane, double-click Audit logon events, and modify settings as needed.
  8. Click Apply, click OK, and then close Group Policy Object Editor.
  9. Close Group Policy Management.

No comments:

Post a Comment