Account lockout duration is not configured to 1440 mins (1 day)
Description
"Account lockout threshold": the number of failed logon attempts that causes a user account to be locked. "Account lockout duration": the number of minutes a locked-out account remains locked before it is unlocked automatically. Attackers can try to guess the password or use brute-force attacks to crack it. The Account lockout duration must be set to 1440 minutes (1 day) to delay attackers' attempts to crack the password.
Severity
Critical
Category
Logon Security
Resolution
Follow the steps below in GPO to resolve the misconfiguration.
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Account Lockout Policy >> "Account lockout duration" to "1440" minutes or greater. A value of "0" is also acceptable, requiring an administrator to unlock the account.
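To confirm the setting reached a host, the following added example (not part of the original page or of Vulnerability Manager Plus) grades the lockout values in a `secedit` security policy export against the rule above. The function name `Test-LockoutDuration` is hypothetical, the sample export is constructed, and the handling of -1 as "administrator unlock" is an assumption about how the export writes the GUI value "0".

```powershell
# Added example: grade "Account lockout duration" from secedit export text.
function Test-LockoutDuration {
    param(
        [Parameter(Mandatory)][string[]]$InfLines,
        [int]$MinimumMinutes = 1440   # value required by this page
    )
    # Collect the two relevant keys from the [System Access] section.
    $found = @{}
    foreach ($line in $InfLines) {
        if ($line -match '^\s*(LockoutBadCount|LockoutDuration)\s*=\s*(-?\d+)\s*$') {
            $found[$Matches[1]] = [int]$Matches[2]
        }
    }
    # A threshold of 0 (or none) means accounts never lock, so duration has no effect.
    if (-not $found.ContainsKey('LockoutBadCount') -or $found['LockoutBadCount'] -eq 0) {
        return [pscustomobject]@{ Compliant = $false
            Reason = 'Lockout threshold is 0 or not set: accounts never lock' }
    }
    if (-not $found.ContainsKey('LockoutDuration')) {
        return [pscustomobject]@{ Compliant = $false
            Reason = 'LockoutDuration not present in export' }
    }
    $minutes = $found['LockoutDuration']
    # Assumption: the export writes the GUI value "0" as -1; accept both.
    if ($minutes -eq 0 -or $minutes -eq -1) {
        return [pscustomobject]@{ Compliant = $true
            Reason = 'Locked until an administrator unlocks the account' }
    }
    [pscustomobject]@{
        Compliant = ($minutes -ge $MinimumMinutes)
        Reason    = "LockoutDuration is $minutes minutes (required: $MinimumMinutes or greater)"
    }
}

# Constructed sample of an export with a 30-minute lockout duration.
$sample = @(
    '[System Access]'
    'LockoutBadCount = 5'
    'ResetLockoutCount = 30'
    'LockoutDuration = 30'
)
Test-LockoutDuration -InfLines $sample

# On a live host, from an elevated prompt:
#   secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY | Out-Null
#   Test-LockoutDuration -InfLines (Get-Content "$env:TEMP\secpol.inf")
```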
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediates misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.