[Forgot Password]
Login  Register Subscribe

23631

 
 

117687

 
 

98218

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Reset account lockout counter after

ID: oval:org.secpod.oval:def:22954Date: (C)2015-01-07   (M)2017-11-21
Class: COMPLIANCEFamily: windows




This policy setting determines the length of time before the Account lockout threshold resets to zero. The default value for this policy setting is Not Defined. If the Account lockout threshold is defined, this reset time must be less than or equal to the value for the Account lockout duration setting. If you leave this policy setting at its default value or configure the value to an interval that is too long, your environment could be vulnerable to a DoS attack. An attacker could maliciously perform a number of failed logon attempts on all users in the organization, which will lock out their accounts. If no policy were determined to reset the account lockout, it would be a manual task for administrators. Conversely, if a reasonable time value is configured for this policy setting, users would be locked out for a set period until all of the accounts are unlocked automatically. This policy setting determines the length of time before the Account lockout threshold resets to zero. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy!Reset account lockout counter after (2) WMI: root\rsop\computer#RSOP_SecuritySettingNumeric#Setting#KeyName='ResetLockoutCount' And precedence=1

Platform:
Microsoft Windows Server 2012 R2
Reference:
CCE-36883-7
CPE    1
cpe:/o:microsoft:windows_server_2012::r2:x64
CCE    1
CCE-36883-7
XCCDF    3
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2012_R2
xccdf_org.secpod_benchmark_general_Windows_2012_R2
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2012_R2

© 2013 SecPod Technologies