An error occurred:

Check: 4.003

Windows XP STIG: 4.003 (in versions v6 r1.32 through v1 r0)

Title

Time before bad-logon counter is reset does not meet minimum requirements. (Cat II impact)

Discussion

This parameter specifies the amount of time that must pass between two successive login attempts to ensure that a lockout will occur. The smaller this value is, the less effective the account lockout feature will be in protecting the local system.

Check Content

Analyze the system using the Security Configuration and Analysis snap-in. Expand the Security Configuration and Analysis tree view. Navigate to Account Policies -> Account Lockout Policy. If the “Reset account lockout counter after” value is less than 60 minutes, then this is a finding.

Fix Text

Configure the system to have the lockout counter reset itself after a minimum of 60 minutes.

Additional Identifiers

Rule ID: SV-29636r1_rule

Vulnerability ID: V-1098

Group Title: Bad Logon Counter Reset

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check