Creating an Account Lockout Policy

1. From the Windows Server 2003 desktop, click Start | Administrative Tools | Active Directory Users and Computers.

2. Right-click the domain you want to administer, and then select Properties.

3. Select the Default Domain Policy, and click the Edit button.

4. Navigate to the account lockout policy by clicking Computer Configuration | Windows Settings | Security Settings | Account Policies | Account Lockout Policy. You'll see the screen shown in Figure 3.7.

Figure 3.7 Account Lockout Policy Objects

Using Account Lockout Policy, you can configure the following settings:

■ Account lockout duration: This option determines the amount of time that a locked-out account will remain inaccessible. Setting this option to 0 means that the account will remain locked out until an administrator manually unlocks it. Select a lockout duration that will deter intruders without crippling your authorized users; 30 to 60 minutes is sufficient for most environments.

■ Account lockout threshold: This option determines the number of invalid logon attempts that can occur before an account will be locked out. Setting this option to 0 means that accounts on your network will never be locked out.

■ Reset account lockout counter after: This option defines the amount of time in minutes after a bad logon attempt that the "counter" will reset. If this value is set to 45 minutes, and user jsmith types his password incorrectly two times before logging on successfully, his running tally of failed logon attempts will reset to 0 after 45 minutes have elapsed. Be careful not to set this option too high, or your users could lock themselves out through simple typographical errors.

For each item that you want to configure, right-click the item and select Properties. To illustrate, we create an Account lockout threshold of three invalid logon attempts. In the screen shown in Figure 3.8, place a check mark next to Define this policy setting, and then enter the appropriate value.

Figure 3.8 Configuring the Account Lockout Threshold
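The following added example (not part of the original text) models how the three Account Lockout Policy settings interact. It uses the threshold of three from the illustration and the 45-minute counter reset from the jsmith example. The class and function names are hypothetical, times are whole minutes, and this is a simplified model of the behavior described here, not Windows' own implementation.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class LockoutPolicy:
    threshold: int        # Account lockout threshold; 0 = never lock out
    duration_min: int     # Account lockout duration; 0 = until an admin unlocks
    reset_after_min: int  # Reset account lockout counter after (minutes)


class Account:
    """Simplified model of one account's lockout state (times are minutes)."""

    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.bad_count = 0
        self.last_bad: Optional[int] = None
        self.locked_at: Optional[int] = None

    def admin_unlock(self) -> None:
        self.bad_count, self.locked_at = 0, None

    def is_locked(self, now: int) -> bool:
        if self.locked_at is None:
            return False
        if self.policy.duration_min == 0:
            return True  # stays locked until admin_unlock()
        if now - self.locked_at >= self.policy.duration_min:
            self.admin_unlock()  # lockout duration has expired
            return False
        return True

    def failed_logon(self, now: int) -> bool:
        """Record a bad password at minute `now`; return the lock state."""
        if self.is_locked(now):
            return True
        idle = None if self.last_bad is None else now - self.last_bad
        if idle is not None and idle >= self.policy.reset_after_min:
            self.bad_count = 0  # counter reset window has elapsed
        self.bad_count += 1
        self.last_bad = now
        if 0 < self.policy.threshold <= self.bad_count:
            self.locked_at = now
        return self.locked_at is not None


def replay(policy: LockoutPolicy, failure_minutes: List[int]) -> List[bool]:
    """Lock state after each failed logon in a constructed timeline."""
    account = Account(policy)
    return [account.failed_logon(t) for t in failure_minutes]
```

Replaying a constructed timeline such as `replay(LockoutPolicy(3, 30, 45), [0, 1, 46, 47])` shows why a long counter-reset value matters: the two early typos are forgotten only once 45 minutes have passed without another bad attempt.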