Windows 95/98 clients randomly locked out of AD
We have just completed a migration from NT4 to Windows 2000 AD /SingleForest /Single Domain (still mixed mode but without NT servers). At the moment we have not yet defined global policies in the SAM database, and there are no user-specific policies for user accounts. My problem is that Win95/98 users are being locked out randomly, for which I have to reset the account. My only guess is that somehow the PCs' registries are remembering previous policies applied under the NT4 domain. Is there any way to reset them or avoid the continuous lockouts? I have tried to deploy a policy with undefined "Account lockout threshold," but it didn't work.
There are three possible settings for NT/2000 policies: enabled (checked), un-defined (greyed out) and disabled (white, no check-mark). By leaving a policy setting undefined, you are effectively telling the workstation, "Do whatever it is you usually do, this setting doesn't apply to you." If you wish to explicitly state, "Do not use any account lockout settings," explicitly un-check the appropriate setting so that the box next to it is white, not grey. This will override any existing or conflicting settings on the workstation.
This was first published in March 2003