You administer your company network, which consists of a single Active Directory domain. All servers run Windows Server 2003. The network is connected to the Internet. A user named Stephen reports that he is unable to log on to the domain. You review security logs on domain controllers and notice several unsuccessful logon attempts that use Stephens user account, StephenG1. You suspect that a malicious user on the Internet might be attempting to guess Stephens password. To reduce the likelihood of this happening in the future, you rename Stephens account to GSte1. However, Stephen still cannot log on to the domain. You must enable Stephen to log on to the domain and access appropriate network resources immediately. You want to perform this task with the least amount of administrative effort. Which action should you perform?
A. In the Account Lockout Policy for the domain, set the account lockout threshold value to zero. B. Enable Stephen s user account. C. Delete and re-create Stephen s user account. D. Unlock Stephen s user account.
Unlock stephen\ s user account.-explanation: a domain-level account lockout policy specifies the number of times that a user can attempt to log on with an incorrect password within a specified time interval before the account is locked out. this policy also specifies the length of time that the account remains locked out. in this scenario, a hacker has probably exceeded the account lockout threshold and, thereby, caused stephens account to be locked out. you have renamed the account to reduce the risk of subsequent attacks against stephens account. however, stephens user account remains locked out. to enable stephen to start using his account immediately, you should unlock it. in active directory users and computers, you should open the properties sheet for stephens user account and clear the account is locked out option on the account tab. if you set the account lockout threshold in a domain-level group policy object (gpo) to zero, then user accounts would never be locked out. however, the accounts that are already locked out would remain locked in accordance with the account lockout duration setting that was in effect when those accounts were locked out. you cannot enable stephens user account because it has not been disabled. if you deleted stephens user account and then created a new one, then stephen would not be able to access all appropriate resources immediately. you would have to configure the new account with the same settings as those of the original account to enable stephen to access the resources that he could access with his old account. if stephen encrypted any files in the past, then he would not longer be able to access those files from his new account. the account lockout threshold policy is used to define the number of invalid logon attempts that are allowed before the account is locked out. setting this policy to zero (0) prevents account lockouts from occurring no matter how many invalid attempts are made. when the account lockout duration policy is set to zero (0), any account that is locked can only be unlocked by an administrator. it can be configured with a value of zero (0) to 99,999. a locked account is automatically unlocked after the value entered in this setting. the reset account lockout counter after policy is used to define the length of time (in minutes) after which the number of invalid attempts should be reset to zero (0). the enforce user logon restrictions policy can be enabled or disabled. by enabling this policy, all defined user logon restrictions are enforced. the binary value for this policy is either 0 (disabled) or 1 (enabled).