Administrator account and lockout policy

Administrator account and lockout policy
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Administrator account and lockout policy =?Utf-8?B?UmF5Um9nZXJz?= 07-15-2008
Posted by =?Utf-8?B?UmF5Um9nZXJz?= on July 15, 2008, 12:35 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
I have account lockout policy applied to the domain. I created an account
(not a default administrator account) which is member of domain admin, is
there a way to have this admin account exempt from this lockout policy?
Thanks!

Posted by Dobromir Todorov on July 15, 2008, 4:50 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Not before Windows 2008 - as there is a single domain password policy for
all users.

You can in Windows 2008 - see this link for more details:
http://technet.microsoft.com/en-us/magazine/cc137749(TechNet.10).aspx

--
---
HTH,
Dobromir

Learn more about Security and Identity Management:
Visit http://www.iamechanics.com

>I have account lockout policy applied to the domain. I created an account
> (not a default administrator account) which is member of domain admin, is
> there a way to have this admin account exempt from this lockout policy?
> Thanks!



Posted by =?Utf-8?B?UmF5Um9nZXJz?= on July 16, 2008, 5:49 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Thank you very much for the info.

"Steve Riley [MSFT]" wrote:

> I'd encourage you not to use account lockout. I know that some of our
> published guidance recommends it, but that was written some time ago.
> Account lockout is expensive -- the average cost per call to a help desk is
> $70. Plus, it creates a situation in which an attacker can intentionally
> lock out some or all of your users -- a kind of denial of service attack. So
> long as you're using good (by that I mean long) passphrases, then you really
> don't need account lockout.
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>
> > I have account lockout policy applied to the domain. I created an account
> > (not a default administrator account) which is member of domain admin, is
> > there a way to have this admin account exempt from this lockout policy?
> > Thanks!
>

Similar ThreadsPosted
Account lockout October 20, 2006, 4:22 am
Account Lockout threshold June 12, 2005, 11:31 pm
Account Lockout Policies August 30, 2007, 1:14 am
Re: Account Lockout Policies September 4, 2007, 12:45 am
Account Lockout event log only recorded ... sometimes December 14, 2007, 12:33 pm
User account lockout connecting to Exchange August 22, 2007, 12:28 pm
Renamed Local Administrator Account Name Reverts to Old Account Name November 30, 2005, 4:39 am
Renaming "Administrator" account October 20, 2005, 12:18 pm
rename Administrator account well after initial set-up January 4, 2006, 4:28 pm
Account/Password Policy Using GPO Not Working May 6, 2008, 9:25 am

The site map in XML format XML site map

Contact Us | Privacy Policy