  • Misconfiguration Name: "Reset Lockout Counter after" is not configured to 30 minutes
  • Description: "Account lockout threshold" is the number of failed logon attempts that cause a user account to be locked. "Reset account lockout counter after" is the number of minutes that must elapse after a failed logon before the failed-logon counter is reset to 0. For example, assume that "Account lockout threshold" is configured to lock accounts after 5 failed logon attempts and "Reset account lockout counter after" is set to 2 minutes. If an attacker performs 4 failed logon attempts and makes the fifth attempt within 2 minutes of the 4th, the account is locked. However, if the attacker makes the 5th attempt after those 2 minutes have elapsed, it is counted as the first attempt again. In this manner, the attacker can repeatedly make multiple attempts without the account being locked out. The best practice is to configure "Reset account lockout counter after" to 30 minutes to slow an attacker's password-guessing attempts.
  • Severity: Moderate
  • Category: Logon Security
  • Resolution: Follow these steps in GPO to resolve the misconfiguration. Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Account Lockout Policy >> "Reset account lockout counter after" to "30" minutes.
  • Does remediation require reboot? No
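The following PowerShell script is an added example that is not part of the catalog entry: it audits the effective "Reset account lockout counter after" value on the local machine by parsing the output of `net accounts`, where the setting is reported as "Lockout observation window (minutes)", and reports whether it meets the 30-minute value recommended above. The function names, the regular expressions and the assumption of English output labels are this example's own.

```powershell
# Added example: check the effective "Reset account lockout counter after"
# value against the recommended minimum. Assumes English `net accounts`
# output labels; function names are this example's own.

function Get-LocalLockoutPolicy {
    # `net accounts` prints the effective local policy, e.g.
    #   Lockout threshold:                    5
    #   Lockout duration (minutes):           30
    #   Lockout observation window (minutes): 2
    $lines = & net.exe accounts
    if ($LASTEXITCODE -ne 0) {
        throw "net accounts exited with code $LASTEXITCODE"
    }

    $policy = [ordered]@{
        Threshold         = $null   # 'Never' means lockout is disabled
        ObservationWindow = $null   # minutes; this is "Reset account lockout counter after"
        LockoutDuration   = $null   # minutes
    }

    foreach ($line in $lines) {
        $text = [string]$line
        switch -Regex ($text) {
            '^\s*Lockout threshold:\s+(\S+)'                      { $policy.Threshold         = $Matches[1] }
            '^\s*Lockout observation window \(minutes\):\s+(\d+)' { $policy.ObservationWindow = [int]$Matches[1] }
            '^\s*Lockout duration \(minutes\):\s+(\d+)'           { $policy.LockoutDuration   = [int]$Matches[1] }
        }
    }
    return [pscustomobject]$policy
}

function Test-LockoutCounterReset {
    param([int]$MinimumMinutes = 30)   # value the catalog entry recommends

    $policy = Get-LocalLockoutPolicy

    if ($policy.Threshold -eq 'Never') {
        # With no threshold, no lockout ever happens, so the reset window is moot.
        Write-Warning "Account lockout threshold is 'Never': lockout is disabled; set a threshold before tuning the reset window."
        return $false
    }
    if ($null -eq $policy.ObservationWindow) {
        Write-Warning "Could not parse 'Lockout observation window' from net accounts output."
        return $false
    }
    if ($policy.ObservationWindow -lt $MinimumMinutes) {
        Write-Warning ("'Reset account lockout counter after' is {0} minutes; expected at least {1}." -f $policy.ObservationWindow, $MinimumMinutes)
        return $false
    }
    Write-Host ("'Reset account lockout counter after' is {0} minutes (threshold {1}): compliant." -f $policy.ObservationWindow, $policy.Threshold)
    return $true
}

Test-LockoutCounterReset
```

On a domain-joined machine `net accounts` reports the policy in effect locally; for domain accounts the authoritative value is the default domain policy, which the ActiveDirectory module exposes as the `LockoutObservationWindow` TimeSpan property of `Get-ADDefaultDomainPasswordPolicy`, so the same comparison can be made against `(Get-ADDefaultDomainPasswordPolicy).LockoutObservationWindow.TotalMinutes` on a domain controller or a host with RSAT installed.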