Hi, We are currently experieincing a few problems with an account lock-out policy that we enabled briefly in Active Directory and then removed. To increase network security we thought that we would enable Account Lockout Policy on our UK Domain, now initially this seemed to work effectively and we weren't having too many problems but after a day or two we noticed that users would randomly get locked out from their PC's and inparticularly laptops. So, as a result we removed the lockout policy from our default domain policy reverting us back to how we initially had the GPO set up. For all users who have an XP desktop / laptop this transition happened fairly smoothly and they no longer have any lock out issues. However, the remnants of this policy continue to stick around in our Vista installations and every now and again we end up being locked out. I have tried my best to narrow down the issue, i have resolved gpresult /V /SCOPE Computer to allow us to see exactly what policies are being pushed to our machines. I've also used gpupdate /force to force an immediate update of the policy on the local machine which has also failed. I have also tried removing the computer from the domain and then adding it back on to the domain in the vain hope that this would re-apply the correct policy without the Account Lockout. I have also disabled UAC as i have the understanding that sometimes this can affect GPO's and how they are applied to particular machines. All else i can say is that it might have something to do with Exchange and Outlook, the reason i think this is because of the following: When i finish work for the evening i hibernate my laptop, at home last night i connected in to the work place over our VPN connection, i worked away quite happily and then disconnected from the VPN and hibernated my laptop - i have to admit i did leave outlook open. When i came into work this morning and docked in i was locked out, so i logged on as Admin, unlocked my account and then logged back on normally only to find an Exchange prompt box requesting my username and password to our mail server which was opened by Outlook. Basically, what i'm looking for is a few idea's or solutions i can try to rid my machine of this setting, it is definitely no longer part of any of our GPO's and still seems to be applying itself some how. Any help in trying to resolve this issue would be greatly appreciated as it is becoming more and more of a serious problem. if you require any more information don't hesitate to ask. I am running Windows Vista Business SP1 and Outlook 2007 SP1 - both are also fully patched and up to date installs Thanks JB

Just to test, can you rename your profile on your computer, login with a fresh profile and check if the lock-out still occurs? Just trying to isolate the possibility that profiles got corrupted or some cached offline files causes this issue you have described.Regards,Salvador Manaois IIIMCITP | Server/Enterprise AdministratorMCSE MCSA MCTS C|EH CIWABytes & Badz: http://badzmanaois.blogspot.com