Lockout window insufficient

Risk Level: Low

Check or Attack Name: Lockout Window

Platforms: Windows NT

Description:

The lockout observation window is less than the value specified in the current policy. The Lockout Window specifies what period of time passes before the incorrect login count is reset. If the duration is too short, or if account lockouts are not enabled, attackers can more easily brute force your accounts.

Remedy:

Set the Reset Count After value so that it equals or exceeds the Lockout Window value in the current policy.

To change the account lockout duration, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. From the Policies menu, select Account to display the Account Policy dialog box.
  3. Enable Account Lockout.
  4. Set the Duration field to a value that is less than or equal to the value in the current Internet Scanner policy.
  5. Click OK.
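
The check described above can be run over the text that `net accounts` prints. This Python code is an added example, not part of the original advisory or the scanner's own code; it assumes the English-language output format, and the sample output and the 30-minute policy value are constructed.

```python
import re

# Constructed sample in the format printed by `net accounts` (English locale).
SAMPLE_NET_ACCOUNTS = """\
Lockout threshold:                                    5
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 10
Computer role:                                        SERVER
"""

FIELDS = {
    "threshold": r"^Lockout threshold:\s*(\S+)",
    "duration": r"^Lockout duration \(minutes\):\s*(\S+)",
    "window": r"^Lockout observation window \(minutes\):\s*(\S+)",
}

def parse_lockout(text):
    """Return the three lockout settings as strings, or None when a line is absent."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        out[name] = m.group(1) if m else None
    return out

def check_lockout_window(text, policy_window_minutes):
    """Return a list of findings; an empty list means the host meets the policy."""
    s = parse_lockout(text)
    findings = []
    # "Never" (or 0) as the threshold means account lockout is not enabled at all.
    if s["threshold"] is None or not s["threshold"].isdigit() or int(s["threshold"]) == 0:
        findings.append("account lockout is not enabled")
        return findings
    if s["window"] is None or not s["window"].isdigit():
        findings.append("lockout observation window could not be read")
    elif int(s["window"]) < policy_window_minutes:
        findings.append(
            f"observation window {s['window']} min is below policy {policy_window_minutes} min")
    return findings

if __name__ == "__main__":
    # 30 minutes is a hypothetical policy value, not one taken from the page.
    for finding in check_lockout_window(SAMPLE_NET_ACCOUNTS, 30):
        print("FINDING:", finding)
```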