Q: Why is it that when users type their old password, their accounts aren't locked out?

A: This was a change introduced back with Windows Server 2003 known as Password history check (N-2).

Provided their accounts have password history enabled, when users try to log on, if they enter their previous password (or even the password prior to that), the badPwdCount will not be incremented, which is, in turn, used to track bad password attempts and causes the account to get locked out.

The goal of this change was to reduce the amount of account lockouts by users typing their previous password instead of the current password.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.