Account Lockout is not working

I have setup a GPO with an account lockout of 1.

Applied the GPO to the OU with one workstation.

Yet the computer is not locking out after one attempts.

What am I doing wrong?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

mwgood

Try running rsop.msc on the workstation to see if your GPO was actually applied.

dynamik

Password policies have to be configured at the domain level. If you configure them at the OU, they only apply to local accounts.

sprkymrk

If you apply Account Lockout at a level other than the domain level, it only applies to local accounts, not domain accounts.

Create a local user on that computer and try it with his account, it should work.

Dynamic did you edit your reply while I was replying? Didn't see a mention of local accounts on your at first.

Gundamtdk

Then I should be editing the Domain Default Policy in Group Policy Management?

gojericho0

Gundamtdk wrote:

Then I should be editing the Domain Default Policy in Group Policy Management?

Yup and make sure you are not blocking inheritance on your Domain Controllers OU. I had this problem in production trying to apply this at the OU level, and it took me about a week to figure out why it wasn't working

whume

I know this thread is kind of old however I have run into this issue with another admin setting up the policy incorrectly and I have made the changes to reflect the policy in the default domain policy. The issue is I am still only seeing this affect local accounts. Any help would be appreciated.

Thanks,