In Server 2003 the Account Lockout Policy is a global domain setting. Therefore, you can not have different Account Lockout Policies for different OUs. They have fixed this in Server 2008.

In one of our current projects, we have a need to change the lockout setting from 4 failed attempts (our preferred setting) to 10. Is there anyway around this without building a whole new separate domain to put these computers in?

Thanks