question

SuyPeang-0083 avatar image
0 Votes"
SuyPeang-0083 asked DaisyZhou-MSFT commented

Windows Account Lockout Policy

Hi All,

Currently, my organization are using Active Directory 2012R2, We are Applying an Account Lockout Policy on GPO. Yesterday, My user has locked when type wrong password three times, then this user un-plug the network cable, then he can login to his PC when his user still locked.

Event they un-plug the network cable. How to prevent users login to his/her PC while his/her account currently locked?

windows-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

DaisyZhou-MSFT avatar image
0 Votes"
DaisyZhou-MSFT answered DaisyZhou-MSFT commented

Hello @SuyPeang-0083,

Thank you for posting here.

Based on the description, what you have mentioned (if the user used to login to one machine successfully, then after her/his account was locked out and after he/she un-plug the network cable of her/his machine, even her/his account was locked out, she/he can still login to her/his machine) was normal, the users login to their machine with the cached credentials. I have done a test in my lab, I got the same result as you.

I am sorry, currently, even they un-plug the network cable, there is no method to prevent users login to his/her PC while his/her account currently locked.


Hope the information above is helpful.

Should you have any question or concern, please feel free to let us know.


Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

hi @DaisyZhou-MSFT , Does have any solutions to prevent them to login to computer when their user currently locked?

0 Votes 0 ·

Hello @SuyPeang-0083,

Thank you for your update.

If the users un-plug the network cable, based on my knowledge, I am sorry, I do not know how to prevent them to login to computer when their user currently locked.

Should you have any question or concern, please feel free to let us know.


Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.

0 Votes 0 ·