The built-in administrator account cannot be locked out, regardless of how many times an attacker might use an invalid password. This makes the administrator account an easy target for brute-force attacks that attempt to guess the password.
User Account Management
Follow the below steps in GPO to resolve the misconfiguration.
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Accounts: Administrator account status" to "Disabled".
Does remediation require reboot?
Vulnerability Manager Plus tracks security configurations and remediate misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.