Printable View
I just put in place a Group Policy through AD to lock out accounts after 5 attempts. However this is not taking effect. It has replicated to all of my DC however when I try to log in(Citrix Enviornment) it doesn't work. The accounts never lock out.
My unlock threshord is set to 999 minutes
and my reset unlock attempts is set to 200minutes
We want people to call the help desk to get them unlocked.
However it isn't work. In my test enviornment it works fine.
Please Assist.
Type GPUPDATE at the command prompt of one of your hosts. Try again. Report your results here.
it says it is not a reconized command when I do it on one of my DC
Do it on a client machine, not the DC.
I also did it on another one of my servers(windows 2000) since were running citrix and I get the same error.
There you have it, the gpupdate utility comes with XP. I assumed you have XP clients.
On 2000, you use secedit. Here is the syntax:
Refresh security settings
secedit /refreshpolicy
This command refreshes system security by reapplying the security settings to the Group Policy object.
Syntax
secedit /refreshpolicy {machine_policy | user_policy}[/enforce]
Parameters
machine_policy
Refreshes security settings for the local computer.
user_policy
Refreshes security settings for the local user account currently logged on to the computer.
/enforce
Refreshes security settings, even if there have been no changes to the Group Policy object settings.
alright but I applied this to all users in the domain. Is there anyway to do this without having to hit this on every computer? Also I guess I want to refresh the machine policy? since this is a domain setting???? for domain accounts?
Will a reboot of a server do this?
Yes. A reboot of each client will force a policy update. Otherwise, the policy will push based on what you have the policy push time set to. BY default I believe it's half hour but I could be wrong.
nope didn't quiet work. I issued the command and the event log says it has been applied however it still doesn't lock out my account.
Check the configuration of the GP object. Sounds like there is something wrong. These two tools work for me all the time.