Merhaba,

Account lockout policy, kerberos policy ve password policy domain bazinda ayarlanan politikalardir, tektirler ve sadece default domain policy'den ayarlanabilir. Diger politikalarda yapacaginiz bu ayarlar sadece politikadan etkilenen local hesapları etkiler. Yani belirtiginiz ayarlari Default Domain policy'de yapmaniz gerekirdi (Not içerisinde kalın karakterler ile nedeni aciklanmış).


http://www.microsoft.com/technet/sec.../s3sgch03.mspx ve http://www.microsoft.com/technet/sec.../tcgch02n.mspx makalelerini de incelemenizde fayda var.

Note: For domain accounts, there can be only one Account policy per domain. The Account policy must be defined in the Default Domain Policy or in a new policy that is linked to the root of the domain and given precedence over the Default Domain Policy, which is enforced by the domain controllers that make up the domain. A domain controller always pulls the Account policy from the root of the domain, even if there is a different Account policy applied to the OU that contains the domain controller. The root of the domain is the top level container of the domain, not to be confused with the root domain in a forest; the root domain in a forest is the top level domain within that forest.