Using Account Lockout policies to block Windows Brute Force Attacks
A strong account lockout policy is one of the most effective tools for stopping brute force authentication attempts on Windows domains.
As an alternative, you can force an account lockout to remain in effect until an administrator unlocks the account by setting the account lockout duration value to 0.
The second group policy setting that is used as the basis of an account lockout policy is the Account Lockout Threshold setting.
Setting the Account Lockout Threshold to a value of five, for example, would mean that a user's account would be locked out following five failed login attempts.
The third setting in an account lockout policy is the Reset Account Lockout Counter After setting.
Even though an account lockout policy can be configured to automatically unlock a user's account after a period of time, most organizations require an administrator to unlock accounts that have become locked.
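The sketch below is an added example, not code from the original article or from Microsoft. It replays a constructed series of logon attempts against the three settings described above to show how they interact. It is a simplified model: the names `LockoutPolicy`, `replay` and `outcomes` are hypothetical, and it assumes the lockout timer starts at the failure that triggered the lock.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class LockoutPolicy:
    threshold: int        # Account Lockout Threshold (0 = account never locks)
    duration_min: int     # Account lockout duration (0 = until an admin unlocks)
    reset_after_min: int  # Reset Account Lockout Counter After

def replay(policy, events):
    """Replay (timestamp, succeeded) attempts for one account; return (ts, outcome)."""
    bad_count, last_bad, locked_at, out = 0, None, None, []
    for ts, succeeded in events:
        if locked_at is not None:
            # Duration 0 never expires on its own; otherwise unlock after N minutes.
            expired = (policy.duration_min > 0 and
                       ts - locked_at >= timedelta(minutes=policy.duration_min))
            if not expired:
                out.append((ts, "rejected_locked"))  # even a correct password fails
                continue
            locked_at, bad_count = None, 0
        # The failure counter returns to zero once the reset window has elapsed.
        if last_bad and ts - last_bad >= timedelta(minutes=policy.reset_after_min):
            bad_count = 0
        if succeeded:
            bad_count = 0
            out.append((ts, "ok"))
            continue
        bad_count, last_bad = bad_count + 1, ts
        if policy.threshold and bad_count >= policy.threshold:
            locked_at = ts
            out.append((ts, "locked_out"))
        else:
            out.append((ts, "failed"))
    return out

# Constructed sample: minutes after 09:00 and whether the password was correct.
T0 = datetime(2022, 7, 1, 9, 0)
SAMPLE = [(T0 + timedelta(minutes=m), ok) for m, ok in
          [(0, False), (1, False), (40, False), (41, True), (50, False), (51, False),
           (52, False), (53, False), (54, False), (55, True), (600, True)]]

def outcomes(policy):
    return [outcome for _, outcome in replay(policy, SAMPLE)]

if __name__ == "__main__":
    for duration in (0, 15):
        policy = LockoutPolicy(threshold=5, duration_min=duration, reset_after_min=30)
        print(f"duration={duration}:", outcomes(policy))
```

With a duration of 0 the final correct logon at minute 600 is still rejected, while a 15-minute duration lets it through.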