Can I prevent an Active Directory account from locking out?

Solution 1:

You can do it but you still need a GPO. Create a GPO that has the necessary settings, then eliminate the "apply group policy" right from the ACL. Create a group that you want to have eliminated from password lockouts, add your user(s) to the group, and assign that group the "apply group policy" right for your GPO.

Remember that GPOs are applied in the following order:

Local Site Domain OU

so be sure to apply your new GPO at the correct level so it's not stomped on by something below it.

Solution 2:

A preferred approach would be to move off of your Windows Server 2003 DC's and configure your domain for Windows 2008 functional level, you will be able to take advantage of one of the new features of Windows Server 2008: multiple password and account lockout policies.

AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc770842%28v=ws.10%29.aspx

How to raise Active Directory domain and forest functional levels
http://support.microsoft.com/kb/322692