Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-1099 | 4.004 | SV-29643r1_rule | Medium |
Description |
---|
This parameter specifies the amount of time that must pass before a locked-out account is automatically unlocked by the system. |
STIG | Date |
---|---|
Windows 2008 Domain Controller Security Technical Implementation Guide | 2016-05-12 |
Check Text ( C-3205r1_chk ) |
---|
Analyze the system using the Security Configuration and Analysis snap-in. Expand the Security Configuration and Analysis tree view. Navigate to Account Policies -> Account Lockout Policy. If the “Account lockout duration” is not set to "0", requiring and administrator to unlock the account, then this is a finding. |
Fix Text (F-6571r1_fix) |
---|
Configure the system so that the bad logon lockout duration conforms to DoD requirements. |