Before You implement this part of the tutorial you will need to have completed Part 1
Once you have set up the Audit Policy you will need to set the number of incorrect password attempts that you will allow before activating User Account Lockout.
- Open the Security Policy Editor as you did for Part 1
- Expand the Account Policies branch, and click once on the Account Lockout Policy sub branch
- In the right hand pane double click on the Account lockout threshold setting to get the screen below.
- Lastly use the up and down arrows to set the number of failed attempts that will trigger an account lockout.
Note – you should make the number sufficiently large to allow a legitimate user a few attempts to correct spelling mistakes, or things like Caps Lock and Num Lock not being set as expected, but not so many that might allow an intruder to brute force or guess the password. We would recommend about ten to be optimal.
← Part 1 – Setting the Audit Policy Part 3 – Setting the Lockout Duration →