This commit is contained in:
Justin Hall 2018-10-26 13:49:58 -07:00
parent af48945a65
commit 0be53eeed6
2 changed files with 4 additions and 4 deletions

View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: security ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: brianlic-msft author: brianlic-msft
ms.date: 10/25/2018 ms.date: 10/26/2018
--- ---
# Account lockout threshold # Account lockout threshold
@ -93,7 +93,7 @@ Because vulnerabilities can exist when this value is configured and when it is n
- A robust audit mechanism is in place to alert administrators when a series of failed sign-ins occur in the environment. - A robust audit mechanism is in place to alert administrators when a series of failed sign-ins occur in the environment.
- Configure the **Account lockout threshold** policy setting to a sufficiently high value to provide users with the ability to accidentally mistype their password several times before the account is locked, but ensure that a brute force password attack still locks the account. - Configure the **Account lockout threshold** policy setting to a sufficiently high value to provide users with the ability to accidentally mistype their password several times before the account is locked, but ensure that a brute force password attack still locks the account.
Windows security baselines recommend configuring a threshold of 10 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but does not prevent a DoS attack. [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend configuring a threshold of 10 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but does not prevent a DoS attack.
Using this type of policy must be accompanied by a process to unlock locked accounts. It must be possible to implement this policy whenever it is needed to help mitigate massive lockouts caused by an attack on your systems. Using this type of policy must be accompanied by a process to unlock locked accounts. It must be possible to implement this policy whenever it is needed to help mitigate massive lockouts caused by an attack on your systems.
### Potential impact ### Potential impact
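Review bot: the added link to the Windows security baselines is a good sourcing fix, but the same rewritten line still claims a threshold of 10 "prevents accidental account lockouts", which overstates it: a finite threshold can only reduce them, and the bullet two lines up says the goal is to let users mistype "several times" before the lock, not to avoid lockouts entirely. Suggest "which reduces accidental account lockouts and the number of Help Desk calls, but does not prevent a DoS attack" so the recommendation and the bullet above agree.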

View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: security ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: brianlic-msft author: brianlic-msft
ms.date: 10/25/2018 ms.date: 10/26/2018
--- ---
# Reset account lockout counter after # Reset account lockout counter after
@ -60,7 +60,7 @@ Users can accidentally lock themselves out of their accounts if they mistype the
### Countermeasure ### Countermeasure
Configure the **Reset account lockout counter after** policy setting to 15. [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend configuring the **Reset account lockout counter after** policy setting to 15.
### Potential impact ### Potential impact
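Review bot: the new sentence "[Windows security baselines] recommend configuring the **Reset account lockout counter after** policy setting to 15" drops the unit, and the old text had the same gap; this setting is expressed in minutes, so the value should read "15 minutes" to avoid being read as attempts. Also, since the baseline link is now cited in both files, keep the wording parallel with the Account lockout threshold page ("recommend configuring ... of 10 invalid sign-in attempts") so readers see both values come from the same baseline.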