Information Technology Reference
In-Depth Information
How many invalid logon attempts should be permitted before the user's account is
locked out? You need to strike a balance between improving security by locking out
potential attackers without inconveniencing legitimate users by being too stringent.
Once a user account has been locked, how long should it remain that way? You can
configure the account lockout reset time to maintain the account lockout for up to
two days.
■
Caution
The remote access account lockout feature is separate from an account lockout policy configured
for a domain, and is not affected by any changes you make to Group Policy.
The reg.exe Command-Line Utility
You can use the
reg.exe
command-line utility to read, add, modify, or delete information from
the Windows Registry. You can get a full list of available command options by typing
reg /?
at
the command line. Type
reg add /?
for a fuller syntax of each individual command option. In
this case, you're using the
reg add
command with the following switches:
HKLM\System\CurrentControlSet\Services\RemoteAccess\Parameters\AccountLockout
:
The location where the key is being added or modified.
/v MaxDenials
: The name of the Registry key being added or modified. (Note that you need
to use quotes for
ResetTime
—
"ResetTime (mins)"
—because it contains a space.)
/t REG_DWORD
: The data type of the key being added or modified, in this case a
DWORD
value.
/d 60
: The actual data being stored in the new or modified key
/f
: Prompts
reg.exe
to overwrite any existing information; necessary to modify an existing
Registry key.
See Also
Recipe 6-14 for managing remote access account lockouts
Microsoft TechNet: “Registry,” (
http://www.microsoft.com/technet/scriptcenter/
scripts/os/registry/default.mspx
)
Microsoft TechNet: “Remote Access Account Lockout” (
http://www.microsoft.com/
technet/prodtechnol/windowsserver2003/library/ServerHelp/
c03f130b-ecc8-4f71-8bb2-cf447a438a18.mspx
)
Microsoft TechNet: “Backing Up and Restoring the Registry”
(
http://technet2.microsoft.com/WindowsServer/en/Library/
7cf151b7-03f3-45e9-9edb-ece32ba6a75f1033.mspx?mfr=true
)
