Reset account lockout counter after

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

Object Access » Reset account lockout counter after

A brief look at configuring Reset account lockout counter after policy

The Reset account lockout counter after policy setting describes the number of minutes that must elapse after a user fails to log on before the failed logon attempt counter is reset to 0. If Account lockout threshold value is configured greater than zero, this reset time must be less than or equal to the value of Account lockout duration.

The possible values that can be adopted for this setting can lie between a range of 1 to 99,999. This configuration can be left undefined.

Recommended Practices:

You need to evaluate the level of threat your organization faces and balance it against the cost of your time and effort in resetting the password. This decisions is organizations dependent. However, the Microsoft recommend setting the Reset account lockout counter after policy setting to 15.

Security Implications and combative measures:

There are some security issues to consider about this policy setting's configuration. If the value is set to a long interval a malicious entity could make repeated attempts to log into a user's account and lock out their accounts, resulting in a denial-of-service (DoS) attack. This leads to administrators having to reset accounts for compromised users in an organization. If you configure this policy setting to a reasonable value you can block high speed brute force attacks and provide enough number of chances for users who mistype their passwords. Ensure you notify users of the number of login attempts that they're allowed and for how long they should wait for the lockout timer to expire before they inform the IT administrator.

About ADAudit Plus

ADAudit Plus is a real time change auditing software that helps keep your Active Directory, Azure AD, Windows file servers, NetApp filers, EMC file systems, Synology file systems, Windows member servers, and workstations secure and compliant. With ADAudit Plus, you can get visibility into:

  • Authorized and unauthorized AD management changes
  • User logons, logoffs, and account lockouts
  • GPO changes
  • Group attribute and membership changes
  • OU changes
  • Privileged access and permission changes
  • Azure AD logons, and changes to roles, groups, and applications
  • PowerShell scripts and modules

among other things.

There are more than 200 event-specific reports, and you can configure instant email alerts. You can also export the reports to XLS, HTML, PDF and CSV formats to assist in interpretation and forensics. For more information on ADAudit Plus, visit: https://www.manageengine.com/active-directory-audit/.

Explore Active Directory auditing and reporting with ADAudit Plus.

  •  
  •  
  •  
  • By clicking 'Schedule a personalized demo' you agree to processing of personal data according to the Privacy Policy.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing