Locked Out Account Unlocks after reboot

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have the account lockout policy set so that only an admin can reset a
locked out account after 5 failed login attempts. This should stay true even
after a reboot but does not. It allows that same user to try to login after
the machine is rebooted. Is there a way to hold this lockout policy even
after the machine has a hard reset?
 
Why are you even using a lockout policy? Account lockouts are
wonderful attack tools: users can denial-of-service themselves out of
their own accounts, attackers can DoS entire domains.

Account lockout is a security best practice hold-over from the old
days. Now, it just creates more work for your admins and expense for
your company. If you're afraid of password-guessing attacks, then your
passwords aren't strong enough. Enable strong passwords and you can
eliminate password lockouts, thus saving yourself money and time and
freeing up your admins to work on more important things.

Steve Riley
(e-mail address removed)
 
This is for a testing machine in a lab that needs to meet security criteria
to hold classified material. It is a local computer off the network. We are a
small company and there will only be a few users with access to that computer
anyways. So I am using lockout policy due to Department of Defense
requirements. Without this we can not sell classified products.

I have figured out what was happening but still need a solution. After the
5th attempt and the logon screen goes gray there is about a minute before the
account actually gets locked out and the message comes up saying that the
account is locked and that an administrator must unlock it. It was in that
minute that I was ressetting the machine by pressing the power button. Is
there a way to make the lockout immediate or minimize this pause?

Thank you again,
Sean
 
Back
Top