Group Policy
Page 1 of 4 123 ... LastLast
Results 1 to 10 of 39

Thread: Group Policy

  1. #1
    Senior Member
    Join Date
    Jan 2004
    Posts
    172

    Group Policy

    I just put in place a Group Policy through AD to lock out accounts after 5 attempts. However this is not taking effect. It has replicated to all of my DC however when I try to log in(Citrix Enviornment) it doesn't work. The accounts never lock out.

    My unlock threshord is set to 999 minutes
    and my reset unlock attempts is set to 200minutes
    We want people to call the help desk to get them unlocked.

    However it isn't work. In my test enviornment it works fine.

    Please Assist.

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Type GPUPDATE at the command prompt of one of your hosts. Try again. Report your results here.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
    it says it is not a reconized command when I do it on one of my DC

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Do it on a client machine, not the DC.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
    I also did it on another one of my servers(windows 2000) since were running citrix and I get the same error.

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    There you have it, the gpupdate utility comes with XP. I assumed you have XP clients.

    On 2000, you use secedit. Here is the syntax:

    Refresh security settings
    secedit /refreshpolicy
    This command refreshes system security by reapplying the security settings to the Group Policy object.

    Syntax
    secedit /refreshpolicy {machine_policy | user_policy}[/enforce]

    Parameters
    machine_policy
    Refreshes security settings for the local computer.
    user_policy
    Refreshes security settings for the local user account currently logged on to the computer.
    /enforce
    Refreshes security settings, even if there have been no changes to the Group Policy object settings.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #7
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
    alright but I applied this to all users in the domain. Is there anyway to do this without having to hit this on every computer? Also I guess I want to refresh the machine policy? since this is a domain setting???? for domain accounts?

    Will a reboot of a server do this?

  8. #8
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Yes. A reboot of each client will force a policy update. Otherwise, the policy will push based on what you have the policy push time set to. BY default I believe it's half hour but I could be wrong.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  9. #9
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
    nope didn't quiet work. I issued the command and the event log says it has been applied however it still doesn't lock out my account.

  10. #10
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Check the configuration of the GP object. Sounds like there is something wrong. These two tools work for me all the time.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides