When setting up the Windows networks with account lockouts for failed logins I would recommend a 10/10/60 as a baseline
10 Failures over 10 minute with a 60 minute lockout. the lockout can be longer but I found going lower on the other values can lead to accounts getting locked for Kerberos ticket failures when people leave them self's logged in.
No comments:
Post a Comment