Console logons not allowed during the lockout period with Allow Administrator account lockout policy

LMS 1 Reputation point
2024-02-11T07:22:13.1633333+00:00

In Test environment we applied Allow Administrator account lockout policy with Default Domain Policy. Through RDP we entered incorrect credential for default Domain Admin account and it gets locked. As per MS article still we should be able to login through console, but in test lab it fails and got message "Reference account is currently locked out and may not be logged on to". Can someone clarify this behavior

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,528 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. LMS 1 Reputation point
    2024-02-11T09:53:17.9233333+00:00

    Later we found that this policy is affecting only built-in local admin on member servers and PCs. With built-in Domain Admin account the account is getting locked out and it won't allow console logon during locked out period.

    0 comments No comments