Account Lockout is not working

Gundamtdk · June 2008

I have setup a GPO with an account lockout of 1.

Applied the GPO to the OU with one workstation.

Yet the computer is not locking out after one attempts.

What am I doing wrong?

mwgood · June 2008

Try running rsop.msc on the workstation to see if your GPO was actually applied.

dynamik · June 2008

Password policies have to be configured at the domain level. If you configure them at the OU, they only apply to local accounts.

sprkymrk · June 2008

If you apply Account Lockout at a level other than the domain level, it only applies to local accounts, not domain accounts.

Create a local user on that computer and try it with his account, it should work.

Dynamic did you edit your reply while I was replying? Didn't see a mention of local accounts on your at first.

Gundamtdk · June 2008

Then I should be editing the Domain Default Policy in Group Policy Management?

gojericho0 · June 2008

Gundamtdk wrote:

Then I should be editing the Domain Default Policy in Group Policy Management?

Yup and make sure you are not blocking inheritance on your Domain Controllers OU. I had this problem in production trying to apply this at the OU level, and it took me about a week to figure out why it wasn't working

whume · February 2015

I know this thread is kind of old however I have run into this issue with another admin setting up the policy incorrectly and I have made the changes to reflect the policy in the default domain policy. The issue is I am still only seeing this affect local accounts. Any help would be appreciated.

Thanks,

Account Lockout is not working

Comments