You can enable password history of at least 3 and then we will not increment the bad password count in those instances.
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technolog ies/security/bpactlck.mspx "Password history check (N-2): Before a Windows Server 2003 operating system increments badPwdCount, it checks the invalid password against the password history. If the password is the same as one of the last two entries that are in the password history, badPwdCount is not incremented for both NTLM and the Kerberos protocol. This change to domain controllers should reduce the number of lockouts that occur because of user error." This was back ported to Windows 2000 as well. Thanks, -Steve -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Tuesday, May 02, 2006 5:11 PM To: [email protected] Subject: RE: [ActiveDir] dealing with authentication errors after password change? Accounts tend to get locked out, helpdesk tickets generated, and it all works itself out. If it keeps happening the helpdesk can escalate the username to me and I'll go check the eventlog database and figure out where they're logged in. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:ActiveDir- > [EMAIL PROTECTED] On Behalf Of Thommes, Michael M. > Sent: Tuesday, May 02, 2006 5:12 PM > To: [email protected] > Subject: [ActiveDir] dealing with authentication errors after password > change? > > How do other admins deal with the copious authentication errors a user > will generate after the user resets his password with a CNTL+ALT+DEL > and stays logged into the session with his old credentials? > > Mike Thommes > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail- > archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
