|Subject:||Account should be locked out.....but isn't!|
|Posted by:||Qu33n Bee (Qu33nB…@discussions.microsoft.com)|
|Date:||Mon, 20 Aug 2007|
I am security auditor for a Windows 2003/2000 mixed-mode domain. Client
workstations are XP SP2, and all domain controllers are 2003 server. The
default domain group policy defines the account lockout policy at a threshold
of 6 failed logons.
Recently I have noticed a large number of failed logons for a user who has
Domain Admins membership. With 1154 failures in 2 days, I would have expected
the account to have been locked out but it isn't. The failures are all
529/Type 3. I have checked for settings that block inheritance of the default
domain policy but there are none. How can the account have failed logon so
many times and not triggered the lockout?