I've recently made a change in our Group Policy Management to adjust the computer lock time from 90 minutes to just 10. While I'm okay with it, there has been some pushback, so we're making exceptions for certain users, which is a bit ironic. I set up a separate rule that should only impact a specific group of users, but they're still experiencing the 10-minute lockout. I enforced this new rule since the original one is set for all authenticated users. This is my first time dealing with these specific GPO settings as I usually handle server and network side tasks. My colleague, who had been in charge of this setup, has left, and now the responsibility falls on me. Any advice would be greatly appreciated!
**Edit:** I think I figured out the problem! My test computer is now locking after 18+ minutes instead of 10.
3 Answers
I suggest checking whether both your old and new policies are being applied. Use `gpresult /r` for general users and `gpresult /r /scope:computer` from a command prompt with elevated privileges. If you can only see the new policy, that might signal a problem. It could be due to failed DC replication or an issue with the way the old policy was set.
Make sure you understand that 'Enforced' doesn't work the way you might think. GPOs apply in a bottom-up fashion, meaning a GPO with a lower link number takes precedence over a higher one. So check the link order in the targeted OU.
Try running `gpresult /h` on the affected machines to see which policy is actually applying. Also, check and ensure the user’s OU location is correct so the appropriate policy is applied. You could also consider denying the lockout policy for those specific users within the first policy's scope.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures