Aside from Domain securit policy and domain controller security policy is there anywhere else where account lockouts would be configured?
I'm testing a situation where accounts are occasionally locked out when users are already logged in (log says bad password or username for that user and that PC). I've seen a couple of articles in the KB that mention quicker lockout due to kerberos and ntlm authentation being used (each attempts is actually counted 2x). Also the way the authentication tickets are handed out and not always released (supposed to be fixed with a hotfix from MS)
I've disabled lockout in the DC Security policy and Domain Security policy yet the account still gets locked out. I'm curious where else this policy is set (I will be enabling lockouts just want to find out). This won't solve the problem though. Does anyone else have this issue with Windows 98 SE machines in a 2000 server network??
I'm testing a situation where accounts are occasionally locked out when users are already logged in (log says bad password or username for that user and that PC). I've seen a couple of articles in the KB that mention quicker lockout due to kerberos and ntlm authentation being used (each attempts is actually counted 2x). Also the way the authentication tickets are handed out and not always released (supposed to be fixed with a hotfix from MS)
I've disabled lockout in the DC Security policy and Domain Security policy yet the account still gets locked out. I'm curious where else this policy is set (I will be enabling lockouts just want to find out). This won't solve the problem though. Does anyone else have this issue with Windows 98 SE machines in a 2000 server network??
