Admin-Ahead Community
Windows => Server Security & Hardening => Topic started by: Jithin on December 06, 2013, 08:10:21 pm
-
Hi Guys,
Windows Server 2003 and later server versions includes an account lockout feature that will disable an account after a number of logon failures specified by an administrator. For maximum security, enable lockout after 3 to 5 failed attempts, reset the count after not less than 30 minutes, and set the lockout duration to Forever (until admin unlocks).
This is a part of Windows Server policy and is set in the Domain Security Policy tool, which you can find under Administrative Tools on a domain controller. Select Security Settings, then select Account Policies and click Account Lockout Policy. To set lockout duration to Forever, enter a "0." Because this is domain-wide policy, you only have to perform this action once.