Configuring Account Lockout Policy

Account Lockout Policy settings determine the circumstances under which an account is locked out and how long it stays locked. These settings do not affect CloudBlue Commerce, so you can configure them as you want. However, if you do not want the policy to be triggered every time a user unintentionally enters incorrect information, specify the settings within the following parameters:

| Parameter | Description | Recommended Value |
|---|---|---|
| Account Lockout Threshold | Allowed number of attempts to enter the password (in case of honest mistakes and typographical errors). After this number is reached, the user account is locked out. | 5-7 |
| Reset Account Lockout Counter After | Number of minutes after which the failed logon attempt counter is reset to 0 if the number of attempts is less than the Account Lockout Threshold. | 20-60 minutes |
| Account Lockout Duration | Number of minutes the account remains locked even if a user enters the correct password. We recommend that you leave the account locked long enough to block or deter any potential attacks. On the other hand, a lockout duration that is too long will interfere with the productivity of legitimate users. | 60-90 minutes |

These settings will be applied to any workstation that is a member of the domain.

To configure Account Lockout Policy, do the following:

  1. Log on to AD01 as a member of the Domain Admins group.
  2. On Windows Server 2008 (R2), go to Start > Control Panel > Administrative Tools > Group Policy Management. On Windows Server 2012 (R2), in Server Manager, click Tools and select Group Policy Management.
  3. Expand the tree, then right-click the Default Domain Policy Group Policy Object. Click Edit.

  4. In Group Policy Management Editor, go to Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Account Lockout Policy.

  5. In the right pane, right-click a policy, then click Properties, and set the policy according to the recommendations in the table above.
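
After the policy has been applied, the effective domain values can be checked against the ranges in the table. The following PowerShell is an added example, not part of the original documentation: `Test-LockoutPolicy` is a hypothetical helper name, and the fallback values are constructed sample data used when the ActiveDirectory module is not installed.

```powershell
# Added example: audit lockout settings against the recommended ranges from the table.
function Test-LockoutPolicy {
    param(
        [Parameter(Mandatory)] [int]      $LockoutThreshold,
        [Parameter(Mandatory)] [timespan] $LockoutObservationWindow,  # "Reset Account Lockout Counter After"
        [Parameter(Mandatory)] [timespan] $LockoutDuration
    )
    $findings = @()

    if ($LockoutThreshold -eq 0) {
        # A threshold of 0 disables lockout entirely.
        $findings += 'Threshold is 0: accounts are never locked out.'
    } elseif ($LockoutThreshold -lt 5 -or $LockoutThreshold -gt 7) {
        $findings += "Threshold $LockoutThreshold is outside the recommended 5-7 attempts."
    }

    $reset = $LockoutObservationWindow.TotalMinutes
    if ($reset -lt 20 -or $reset -gt 60) {
        $findings += "Counter reset after $reset min is outside the recommended 20-60 minutes."
    }

    $duration = $LockoutDuration.TotalMinutes
    if ($duration -lt 60 -or $duration -gt 90) {
        $findings += "Lockout duration of $duration min is outside the recommended 60-90 minutes."
    }

    # Windows requires the lockout duration to be at least as long as the counter reset interval.
    if ($duration -ne 0 -and $duration -lt $reset) {
        $findings += 'Lockout duration is shorter than the counter reset interval.'
    }
    $findings
}

# Read the live domain policy when the ActiveDirectory module (RSAT) is available;
# otherwise fall back to constructed sample values so the check can be tried offline.
if (Get-Command Get-ADDefaultDomainPasswordPolicy -ErrorAction SilentlyContinue) {
    $p = Get-ADDefaultDomainPasswordPolicy
} else {
    $p = [pscustomobject]@{
        LockoutThreshold         = 3                              # constructed sample
        LockoutObservationWindow = [timespan]::FromMinutes(30)    # constructed sample
        LockoutDuration          = [timespan]::FromMinutes(30)    # constructed sample
    }
}
$result = Test-LockoutPolicy -LockoutThreshold $p.LockoutThreshold `
    -LockoutObservationWindow $p.LockoutObservationWindow -LockoutDuration $p.LockoutDuration
if ($result) { $result } else { 'Lockout policy is within the recommended ranges.' }
```

With the constructed sample values, the check reports the threshold and the lockout duration as outside the recommended ranges.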