Reset account lockout counter after

G

Guest

Our default domain account lockout policy is set like this:

Lockout Duration = 0 (I want Aministrator manually unlock)
Lockout Threshold = 4
Reset Counter After = ???

Microsoft say about Reset account lockout counter after:
If an account lockout threshold is defined, this reset time must be less
than or equal to the Account lockout duration. So how can I set Reset Counter
After <= Lockout Duration???

Thanks,

Nhut
 
S

Steven L Umbach

I believe you can set it to whatever you want if the lockout duration is 0.
FYI MS recommends that lockout threshold be no less than ten bad attempts.
Account lockout is a dual edge sword that can result in DOS attacks against
your users. Unless required by external policy, many places are not using
account lockout if they are enforcing strong passwords or better yet pass
phrases. --- Steve
 
G

Guest

Thanks,

Steven L Umbach said:
I believe you can set it to whatever you want if the lockout duration is 0.
FYI MS recommends that lockout threshold be no less than ten bad attempts.
Account lockout is a dual edge sword that can result in DOS attacks against
your users. Unless required by external policy, many places are not using
account lockout if they are enforcing strong passwords or better yet pass
phrases. --- Steve
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

AD accounts not being unlocked when "lockout duration" setting rea 5
Group policy, Item Account lockout duration 1
Account lockout duration=30 minutes, however account remains locked indefinitely. 5
set Account Lockout policy with Vista Home Premium: how? 3
Unable To Change Account Lockout Policy in AD 1
badPWD counter 2
Account Lockout Problems 1
Locked Out Account Unlocks after reboot 2

Top