I have just created a new OU in AD containing accounts of users who only require a mailbox (no interactive logon required).
To tighten the security, I have created a new Group policy for that OU, specifying the following settings:
Computer Configuration (Enabled) > Policies > Windows Settings > Security Settings > Account Policies/Account Lockout Policy:

Policy | Setting
Account lockout duration | 0 minutes
Account lockout threshold | 1 invalid logon attempts
Reset account lockout counter after | 30 minutes
I then updated it (gpupdate /force) but the policy doesn't seem to work at all. I tested it by using one of the accounts in that OU; I entered the wrong password about 10 times followed by the correct password and it logged me on to the domain. This account also doesn't appear to be locked when I checked in the AD Administrative Centre. All DNS connectivity & configuration appears to be fine on the domain.
Any suggestions as to where I've gone wrong?
Marco S
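
An added example, not part of the original post: a PowerShell check of which lockout settings actually govern one of these accounts and what state the account is in. For domain accounts the lockout values come from the domain-level policy or from a fine-grained password policy (PSO), not from a GPO linked to the users' OU; the account name below is a placeholder and the ActiveDirectory RSAT module is assumed.

```powershell
# Added example: shows the lockout policy in effect for one domain account.
# Assumptions: ActiveDirectory module (RSAT) is installed; 'mailbox.user1' is a placeholder.
Import-Module ActiveDirectory

$sam = 'mailbox.user1'   # placeholder: sAMAccountName of an account in the new OU

# 1. Domain-wide policy. This is what domain accounts get unless a PSO overrides it.
#    Lockout settings in a GPO linked only to an OU do not change these values.
$domainPolicy = Get-ADDefaultDomainPasswordPolicy

# 2. Fine-grained password policy (PSO) resolved for this user; $null when none applies.
$pso = Get-ADUserResultantPasswordPolicy -Identity $sam

# The PSO wins when one applies, otherwise the domain policy is the effective one.
if ($pso) {
    $effective = $pso
    $source    = "PSO '$($pso.Name)'"
} else {
    $effective = $domainPolicy
    $source    = 'Default domain policy'
}

# 3. Current lockout state of the account as seen by the DC that answers the query.
#    BadLogonCount is kept per domain controller and is not replicated.
$user = Get-ADUser -Identity $sam -Properties LockedOut, BadLogonCount,
            LastBadPasswordAttempt, AccountLockoutTime

[pscustomobject]@{
    Account                  = $user.SamAccountName
    DistinguishedName        = $user.DistinguishedName
    PolicySource             = $source
    LockoutThreshold         = $effective.LockoutThreshold      # 0 = accounts never lock out
    LockoutDuration          = $effective.LockoutDuration       # 00:00:00 = until an admin unlocks
    LockoutObservationWindow = $effective.LockoutObservationWindow
    LockedOut                = $user.LockedOut
    BadLogonCount            = $user.BadLogonCount
    LastBadPasswordAttempt   = $user.LastBadPasswordAttempt
    AccountLockoutTime       = $user.AccountLockoutTime
} | Format-List

if ($effective.LockoutThreshold -eq 0) {
    Write-Warning "No lockout threshold is in effect for $sam (source: $source)."
}
```

If `LockoutThreshold` comes back as 0 or as a value other than 1, the OU-linked GPO is not the policy being applied to the account.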