Is there a setting in windows server to limit the number of login attempts if wrong password is used? I remember doing this with a nix server but cannot find anything like that in windows 2003. Am I blind or :stupid:

Thanks ahead of time,

-- Dave

I believe it's a user policy setting, but I don't know off the top of my head the steps I would take a look at user policies to see if you find the setting.

Thanks, but still cannot find a thing on this.

Anyone else know how to accomplish this?

-- Dave

Try Local Security Policy in Administrative Tools. Under Account Policy, there should be an Account Lockout Policy with various lockout settings.
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3498011

Try Local Security Policy in Administrative Tools. Under Account Policy, there should be an Account Lockout Policy with various lockout settings.
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3498011

That was EXACTLY what I was looking for. :thanks:

Thanks a million!

-- Dave

That was EXACTLY what I was looking for. :thanks:

Thanks a million!

-- Dave

The negative side of this is it can be used for DoS where the user get's locked out as well.

The negative side of this is it can be used for DoS where the user get's locked out as well.

Yeppers, I thought of that also. Wish there was a way to have the system also check when both user name and password is both wrong and entered X times then lock out the IP of the attacker.

Know of anything like that?

I assume everyone knows to rename the administrator account.