Lockout duration insufficient

Risk Level: Low

Check or Attack Name: Lockout Duration

Platforms: Windows NT

Description:

The lockout duration is less than the value specified in the current policy. This value specifies how long an account stays locked out after too many logon failures occur within the observation period set in User Manager. If the lockout duration is too short, or if account lockout is not enabled, attackers can easily brute force your accounts.

Remedy:

Set the lockout Duration value so that it equals or exceeds the value in the current policy.

To change the account lockout duration, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. From the Policies menu, select Account to display the Account Policy dialog box.
  3. Enable Account Lockout.
  4. Set the Duration field to a value that equals or exceeds the value in the current policy.
  5. Click OK.
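The check above can also be audited from the command line rather than through User Manager. The following PowerShell function is an added example, not part of the X-Force check or any vendor tool: it parses the `Lockout threshold` and `Lockout duration (minutes)` lines of `net accounts` output and compares the duration against the value your policy requires. The required value (`-RequiredMinutes`), the helper names, and the constructed sample output are assumptions for illustration; the label text assumes an English-language Windows build.

```powershell
# Added example (not part of the original check): audit the local account
# lockout policy against a required minimum duration.

function Get-NetAccountsValue {
    # Return the value after "<Label>:" from captured 'net accounts' lines, or $null.
    param([string[]]$Lines, [string]$Label)
    foreach ($line in $Lines) {
        if ($line -match ('^' + [regex]::Escape($Label) + ':\s*(.+?)\s*$')) {
            return $Matches[1]
        }
    }
    return $null
}

function Test-LockoutDuration {
    param(
        [int]$RequiredMinutes = 30,        # value from your own policy (assumed)
        [string[]]$NetAccountsOutput       # optional: captured text for offline testing
    )
    if (-not $NetAccountsOutput) {
        # Live check: read the policy of the machine this runs on.
        $NetAccountsOutput = net accounts 2>&1 | ForEach-Object { "$_" }
    }

    $threshold = Get-NetAccountsValue -Lines $NetAccountsOutput -Label 'Lockout threshold'
    $duration  = Get-NetAccountsValue -Lines $NetAccountsOutput -Label 'Lockout duration (minutes)'

    if (-not $threshold -or -not $duration) {
        return [pscustomobject]@{ Status = 'ERROR'; Duration = $null
                                  Reason = 'Could not parse lockout settings (non-English output?)' }
    }
    # Threshold "Never" means lockout is disabled entirely: the worst case in the description.
    if ($threshold -eq 'Never') {
        return [pscustomobject]@{ Status = 'FAIL'; Duration = $null
                                  Reason = 'Account lockout is not enabled (threshold is Never)' }
    }
    # Duration "Never" means the account stays locked until an administrator unlocks it,
    # which satisfies any minimum duration.
    if ($duration -eq 'Never') {
        return [pscustomobject]@{ Status = 'PASS'; Duration = 'Never'
                                  Reason = 'Locked out until an administrator unlocks the account' }
    }
    $minutes = [int]$duration
    if ($minutes -lt $RequiredMinutes) {
        return [pscustomobject]@{ Status = 'FAIL'; Duration = $minutes
                                  Reason = "Lockout duration $minutes min is below the required $RequiredMinutes min" }
    }
    return [pscustomobject]@{ Status = 'PASS'; Duration = $minutes
                              Reason = "Lockout duration $minutes min meets the required $RequiredMinutes min" }
}

# Constructed sample of 'net accounts' output (not captured from a real system),
# showing the condition this check flags: lockout enabled, but duration too short.
$sample = @(
    'Lockout threshold:                                    5',
    'Lockout duration (minutes):                           10',
    'Lockout observation window (minutes):                 30'
)
Test-LockoutDuration -RequiredMinutes 30 -NetAccountsOutput $sample   # Status: FAIL

# Live check against the current machine:
# Test-LockoutDuration -RequiredMinutes 30
```

When the function reports FAIL, the same setting that the User Manager steps change can be set from the command line with `net accounts /lockoutduration:30` (and `/lockoutthreshold:` and `/lockoutwindow:` for the companion values), using the number of minutes your policy requires.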
References:
