Account lockout threshold is not configured to lock out accounts after 20 failed logons
Description
"Account lockout threshold:" The number of failed logon attempts that will cause a user account to be locked. "Account lockout duration:" The number of minutes a locked-out account remains locked before it is unlocked automatically. Attackers can try to guess the password or use brute-force attacks to crack it. To prevent this, the account lockout threshold must be configured to lock out accounts after 20 failed logon attempts.
Severity
Critical
Category
Logon Security
Resolution
Follow the steps below in GPO to resolve the misconfiguration.
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Account Lockout Policy >> "Account lockout threshold" to "20" or fewer invalid logon attempts (excluding "0", which disables lockout entirely and is therefore unacceptable).
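To verify the setting on a host after the GPO change has applied, the following audit script is an added example (not part of Vulnerability Manager Plus or its documentation). It exports the effective local security policy with secedit, reads the LockoutBadCount and LockoutDuration values from the [System Access] section, and reports whether the threshold meets the "20 or fewer, not 0" requirement. The variable names, the temporary file path and the threshold constant $MaxThreshold are assumptions chosen for this example; it assumes an elevated PowerShell session on the Windows host being checked.

```powershell
# Added audit check (example code, not the product's own): confirm that the
# account lockout threshold is set to 20 or fewer and is not 0.
# Assumptions: elevated PowerShell session; $MaxThreshold mirrors the page's value.

$MaxThreshold = 20
$cfgPath = Join-Path $env:TEMP 'secpol-audit.inf'

# secedit writes the local policy to an .inf file. The [System Access] section
# carries LockoutBadCount (threshold), LockoutDuration and ResetLockoutCount
# (both in minutes).
secedit /export /cfg $cfgPath | Out-Null

$policy = @{}
foreach ($line in Get-Content $cfgPath) {
    if ($line -match '^\s*(LockoutBadCount|LockoutDuration|ResetLockoutCount)\s*=\s*(-?\d+)') {
        $policy[$matches[1]] = [int]$matches[2]
    }
}
Remove-Item $cfgPath -ErrorAction SilentlyContinue

$threshold = $policy['LockoutBadCount']

if ($null -eq $threshold) {
    Write-Output 'FAIL: LockoutBadCount not present in exported policy'
} elseif ($threshold -eq 0) {
    # 0 means accounts are never locked out, so password guessing is unthrottled.
    Write-Output 'FAIL: Account lockout threshold is 0 (lockout disabled)'
} elseif ($threshold -gt $MaxThreshold) {
    Write-Output "FAIL: Account lockout threshold is $threshold (must be $MaxThreshold or fewer)"
} else {
    Write-Output "PASS: Account lockout threshold is $threshold"
    if ($policy.ContainsKey('LockoutDuration')) {
        Write-Output "      Account lockout duration: $($policy['LockoutDuration']) minutes"
    }
}
```

On a domain-joined machine the effective threshold for domain accounts comes from the domain's account lockout policy rather than the local policy, so run the same comparison against the LockoutThreshold property returned by Get-ADDefaultDomainPasswordPolicy (ActiveDirectory module) on a domain controller. Any FAIL line maps directly to the GPO path given in the resolution above.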
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediates misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.