Locked account from bad login attempts

Risk Level: Low

Check or Attack Name: Locked Account

Platforms: Windows NT

Description:

The user is locked out due to too many bad login attempts. This situation could signal a brute force password guessing attempt.

Remedy:

Reinstate the user and implement Logon and Logoff Failure auditing. To reinstate the user, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. Select the user from the list.
  3. From the User menu, select Properties to display the User Properties dialog box.
  4. Clear the Account Locked Out check box.

—AND—

To implement Logon and Logoff Auditing, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. Select the user account from the list.
  3. From the Policies menu, select Audit to display the Audit Policy dialog box.
  4. Select Audit these events. The audit choices are enabled.
  5. From the Logon and Logoff field, select the Failure check box.
  6. Click OK.
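
Once failure auditing is on, the Security log can show whether a lockout looks like a user mistyping a password or like automated guessing. The following is an added example, not part of the original entry: it assumes the log has been exported as comma-separated lines (time, event ID, account, workstation), uses the Windows NT failure-audit event IDs 529 and 539, and runs on constructed sample records with assumed thresholds.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of an exported Security log: time, event ID, account, workstation.
SAMPLE_LOG = """\
1999-03-02 02:03:01,529,Administrator,WKS40
1999-03-02 02:03:01,529,Administrator,WKS40
1999-03-02 02:03:02,529,Administrator,WKS40
1999-03-02 02:03:03,539,Administrator,WKS40
1999-03-02 02:03:03,539,Administrator,WKS40
1999-03-02 02:03:04,539,Administrator,WKS40
1999-03-02 09:14:05,529,jsmith,WKS12
1999-03-02 09:14:40,529,jsmith,WKS12
1999-03-02 09:15:30,529,jsmith,WKS12
1999-03-02 09:16:10,539,jsmith,WKS12
"""

BAD_PASSWORD = 529  # Logon failure: unknown user name or bad password
LOCKED_OUT = 539    # Logon failure: account locked out

def triage_lockouts(log_text, fast_gap=2.0, retry_limit=2):
    """Summarise failures behind each lockout; thresholds are assumed, tune per site."""
    pre = defaultdict(list)   # account -> [(time, workstation)] before the lockout
    post = defaultdict(int)   # account -> attempts rejected because it was locked
    for line in log_text.strip().splitlines():
        stamp, event_id, account, source = line.split(",")
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if int(event_id) == BAD_PASSWORD and not post.get(account):
            pre[account].append((when, source))
        elif int(event_id) == LOCKED_OUT:
            post[account] += 1
    report = {}
    for account, hits in post.items():
        times = [t for t, _ in pre[account]]
        sources = sorted({s for _, s in pre[account]})
        span = (times[-1] - times[0]).total_seconds() if times else 0.0
        mean_gap = span / (len(times) - 1) if len(times) > 1 else None
        # Machine-like: several workstations, rapid attempts, or retries after lockout.
        suspicious = (len(sources) > 1 or hits > retry_limit
                      or (mean_gap is not None and mean_gap < fast_gap))
        report[account] = {"failures": len(times), "sources": sources,
                           "mean_gap_s": mean_gap, "after_lockout": hits,
                           "suspicious": suspicious}
    return report

if __name__ == "__main__":
    for account, facts in triage_lockouts(SAMPLE_LOG).items():
        print(account, facts)
```

Accounts flagged as suspicious are the ones to investigate before clearing the Account Locked Out check box.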