Edit Domain Group Policy



Edit

29 Jul 20130How-To Guides

Windows Server 2008 introduced a special Group Policy extension (Group Policy Preferences — GPP). It allows you to manage registry keys and parameters through the Group Policy. GPP allows you to add, remove, or modify registry parameters, values, and keys on domain-joined computers. Select the domain for which the policy settings have to created and applied Double-click on the domain to see a list of OUs and other containers in the domain Right-click on the Group Policy Objects container and select New Enter the name of the GPO and click OK. The default domain policy is built in, and probably has a standard GUID on every domain, so deleting it and recreating it is not a good idea as it will never be exactly the same again. Oh and I'm glad my pointers fixed it for you:) I've had to do it before because it bugged me that the folder redirection stuff always stayed in a GPO even after.

Prequisite: Only users that are Domain Admins or Enterprise Admins, or equivalent, are able to configure password policy on a Domain.

Procedure:

Navigate to StartAdministrative Tools Group Policy Management.

Expand the relevant domain node. Right click Default Domain Policy and select Edit from the drop down list.

Group Policy Management Editor opens. Navigate to Computer ConfigurationPolicies Windows Settings Security Settings Account Policies Account Lockout Policy where three lockout policy settings listed.

ResetGroupEdit Domain Group Policy

To set the Account Lockout Threshold policy setting, right click it and select Properties from the drop down list.

Edit domain group policy

Edit Domain Group Policy Remotely

The Account Lockout Threshold properties dialog box opens. For our example, we amend the lockout threshold number to 12. Click OK to apply the changes.

Note: Configuring the Account Lockout Threshold to 12 means that the user account would be ‘locked out’ after more than 12 failed logon attempts.

You are informed that since the Account Lockout Threshold policy setting has been given a value, Windows Server automatically defines and applies a security setting of 30 minutes to the other policy settings (Account Lockout Duration and Reset Account Lockout Counter After). Click OK to continue.

The Account Lockout Threshold has now been successfully configured. The other policy settings, Account Lockout Duration and Reset Account Lockout Counter After, also have been updated.

If you prefer that a user account is locked out until an administrator unlocks it again, open the Account Lockout Duration properties dialog box. Enter in ‘0’ to the text box and click OK.

Edit Domain Group Policy On Local Machine

The Account Lockout Duration policy setting has been configured to 0 minutes meaning that a user account would thus remain locked until an administrator unlocks it.

How To Delete Group Policy

Done!





Comments are closed.