Re: Reset account lockout counter after

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/18/05


Date: Mon, 18 Apr 2005 14:43:11 -0500

I believe you can set it to whatever you want if the lockout duration is 0.
FYI MS recommends that lockout threshold be no less than ten bad attempts.
Account lockout is a dual edge sword that can result in DOS attacks against
your users. Unless required by external policy, many places are not using
account lockout if they are enforcing strong passwords or better yet pass
phrases. --- Steve

"Nhut Minh Tran" <Nhut Minh Tran@discussions.microsoft.com> wrote in message
news:3E6F72DC-6868-405D-A80D-1A2C2285A6CB@microsoft.com...
> Our default domain account lockout policy is set like this:
>
> Lockout Duration = 0 (I want Aministrator manually unlock)
> Lockout Threshold = 4
> Reset Counter After = ???
>
> Microsoft say about Reset account lockout counter after:
> If an account lockout threshold is defined, this reset time must be less
> than or equal to the Account lockout duration. So how can I set Reset
> Counter
> After <= Lockout Duration???
>
> Thanks,
>
> Nhut
>
>
>
>