The built-in administrator account cannot be locked out, regardless of how many times an attacker might use an invalid password. This makes the administrator account an easy target for brute-force attacks that attempt to guess the password.
User Account Management
Follow the below steps in GPO to resolve the misconfiguration.
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Accounts: Administrator account status" to "Disabled".
Vulnerability Manager Plus helps you to monitor security configurations and resolve misconfigurations in your network systems from a centralized console.