We use a draconian policy of 3 logon attempts before lockout, no reset, lockout forever, and force this to all devices connected to W2K domain. When laptops are used remotely, users being users invariably lockout their account and then either have to bring it back to be unlocked, or support visits to unlock.
How can we give them a local admin account to use for unlocking without allowing them to log on locally when connected to the domain, and abusing the admin rights while connected to the domain, i.e. viewing $ shares?
Thanks for your help.
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!