How low is your policy set? If it is 10 or less reconsider. Think about what the lockout policy is in place to avoid and what a good logical number is to use to accomplish that goal.
Are your machines all W2K+ or what are they? Do you have logging enabled on your DC's and have you chased the event log entries to see how the requests are coming in (i.e. very quickly or spread out or ?). joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raymond McClinnis Sent: Tuesday, October 14, 2003 7:40 PM To: [EMAIL PROTECTED] Hello All, We recently implemented the Require Strong Passwords on out WIN2K and it seems that some users get locked out after entering an incorrect password only one time. (I assure you that I allow more than one mistake; I too am human) This was happening before the change, but I am seeing it more now (harder password's = more mistakes) The only thing I can think of is that we have multiple remote DCs in a bridged WAN environment, so when someone logs on, it hits a couple of them at the same time and they all count it as an invalid try. That's my theory anyways, I'm open for suggestions. Thanks, Raymond List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
