Creating an Account Lockout Policy will protect your account by limiting the number of time a remote application or attacker can try to guess/crack your password. This works by automatically locking out your account after a designated number of incorrect passwords were entered. Your account will remain locked out for a designated period of time before it is automatically unlocked and it can be logged into again. This provides a valuable addition to your account security because it can render brute force password attacks useless. If you have your lockout threshold set to 4 bad attempts and the lockout duration to 15 minutes, an attacker can try to guess your password a maximum of 16 times per hour.
Now that you know how valuable an Account Lockout Policy is, let’s get it setup on your computer:
1. Click on the Start Button and key in Secpol.msc and hit Enter.
2. Navigate through Account Policies and Account Lockout Policy.
3. Right click on Account lockout threshold and select Properties.
4. Enter in the value you want to use and hit OK to save. I like to use 4 here.
5. Windows will set the default values for the lockout duration and Reset account lockout counter values. If you want to change these values from the defaults (30 minutes), right click on them and select Properties. After making your changes hit OK to save and exit.
Sunday, April 29, 2007
Create an Account lockout policy in vista (prevent cracking of vista passwords)
Posted by defcon at 10:42 AM
Labels: Security Policies, Vista Security
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment