Information Technology Reference
In-Depth Information
Microsoft TechNet: “ Sample VSA for a US Robotics NAS” (
http://www.microsoft.com/
technet/prodtechnol/windowsserver2003/library/ServerHelp/
4f2719d3-0901-4e08-936f-f9cefae5dbb1.mspx
)
IANA, “Network Management Parameters,” for SMI network management private
enterprise codes (
http://www.iana.org/assignments/smi-numbers
)
6-13. Configuring Remote Access Account Lockout
Problem
You want to configure remote access account lockouts on a Windows Server 2003 computer.
Solution
Using the Registry
To configure an individual computer to lock out a user account after three invalid remote
access authentication attempts, modify the following Registry value:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\
Parameters\AccountLockout]
"MaxDenials"=dword:3
■
Note
Set this value to 0 to disable remote access account lockouts.
To configure an individual computer to lock out a user account for 30 minutes, modify the
following Registry value:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\
Parameters\AccountLockout]
"ResetTime (mins)"=dword:30
■
Note
By default, the Registry Editor displays this value in hexadecimal format. Click the Decimal radio
button to enter the value normally.
Using a Command-Line Interface
The following command configures the remote access account lockout threshold to five failed
remote authentication requests:
> reg add HKLM\System\CurrentControlSet\Services\RemoteAccess\Parameters\
AccountLockout /v MaxDenials /t REG_DWORD /d 5 /f
