Lockout policy for Administrator account

The Administrator account is an exposed user account; hackers want to know this account's
password. Unfortunately, the Windows 2000 operating system makes it easy for hackers to get

Administrators can define a special lockout policy for user accounts. If hackers try to guess the
password, the operating system will lock the account for a certain period of time after the defined
number of unsuccessful logons. For instance, the operating system can lock out an account for 30
minutes after three unsuccessful logons. This protects user accounts from password guessing

This lockout policy has no effect on Administrator accounts. This means that hackers can try
unlimited passwords on the Administrator account, and the account will never be locked.
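The following is an added example, not part of the original text: a small Python model of the lockout rule described above, replayed over constructed failed-logon events to show how many guesses each account actually absorbs. The event layout, the function names, the account name `jsmith`, and the counter restarting after each lockout are assumptions of this sketch; the threshold and duration are the page's example values.

```python
from dataclasses import dataclass

THRESHOLD = 3            # failed logons before lockout (the page's example value)
LOCK_SECONDS = 30 * 60   # lockout duration (the page's example value)

@dataclass
class AccountState:
    failures: int = 0         # failed logons counted toward the next lockout
    locked_until: float = -1  # time at which the current lockout ends
    evaluated: int = 0        # guesses actually checked against the password
    refused: int = 0          # attempts rejected because the account was locked
    lockouts: int = 0

def replay(events, admin_lockout=False, builtin_admin="Administrator"):
    """Replay failed logons (seconds, account, logon_type) through the policy."""
    states = {}
    for ts, account, logon_type in sorted(events):
        st = states.setdefault(account, AccountState())
        is_admin = account.lower() == builtin_admin.lower()
        # Administrator is exempt unless admin lockout is enabled, and then the
        # lockout applies to network logons only (modelled assumption).
        lockable = not is_admin or (admin_lockout and logon_type == "network")
        if lockable and ts < st.locked_until:
            st.refused += 1
            continue
        st.evaluated += 1
        if lockable:
            st.failures += 1
            if st.failures >= THRESHOLD:
                st.locked_until = ts + LOCK_SECONDS
                st.failures = 0   # assumption: counter restarts after a lockout
                st.lockouts += 1
    return states

def unthrottled(states):
    """Accounts that absorbed more guesses than the threshold without a lockout."""
    return sorted(a for a, s in states.items()
                  if s.evaluated > THRESHOLD and s.lockouts == 0)

# Constructed sample: one failed network logon every 10 s, 200 per account.
SAMPLE = [(i * 10, acct, "network")
          for i in range(200) for acct in ("jsmith", "Administrator")]

if __name__ == "__main__":
    for label, flag in (("default policy", False), ("admin lockout on", True)):
        result = replay(SAMPLE, admin_lockout=flag)
        for acct, s in sorted(result.items()):
            print(f"{label:17} {acct:14} evaluated={s.evaluated:3} refused={s.refused:3}")
        print(f"{label:17} never locked: {unthrottled(result)}")
```

Running `unthrottled` over real failed-logon records gives a quick audit of which accounts the lockout policy is not protecting.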

There is a partial solution to this problem. Microsoft has shipped a utility called admnlock that can
enable the lockout of the Administrator account from the network. Here's the code you'd use:
Just run the utility with the /e switch:

Unfortunately, Microsoft has discontinued admnlock. If you're running Windows 2000 SP2 or later,
you can achieve the same function by using passprop /adminlockout from the Windows NT 4