...
Policy | Default | Recommended | Reason |
Account lockout duration | Not defined | 0 minutes | The value 0 means that after account lockout an Administrator is required to reenable the account before account lockout reset has expired. |
Account lockout threshold | 0 invalid logon attempts | 20 invalid logon attempts | The value 0 means that failed password tries never cause account lockout. |
Reset account lockout counter after | Not defined | 30 minutes | This setting sets the number of minutes after the first failed attempt during which failed attempts will be counted to determine whether the threshold (20 attempts) has been met. After this time period is up the counter will be reset until the next failed attempt. The expectation is that the combination of 30 minute lockout counter, 20 attempt threshold, and the password age, length, and complexity settings provide adequate protection against guessing attacks. |
...