How it works...
The Default Domain Policy contains password and account lockout policies. By default, the password part of these policies is enabled, but the lockout part is not. For some organizations, this makes sense. Other organizations might consider it a security best practice to enable account lockout, as these prevent brute force password attacks; when an attacker uses the maximum number of passwords within a certain amount of time, the user account is locked-out for an amount of time. All three metrics can be set in the lockout part of password and account lockout policies.
From Windows Server 2008 Active Directory onward, fine-grained password and account lockout policies can be used to set the metrics for a specific user account ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access