The built-in administrator account cannot be locked out, regardless of how many times an attacker might use an invalid password. This makes the administrator account an easy target for brute-force attacks that attempt to guess the password.
Severity
Critical
Category
User Account Management
Resolution
Follow the below steps in GPO to resolve the misconfiguration.
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Accounts: Administrator account status" to "Disabled".
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediate misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.
