No announcement yet.

AD Lockout Time - Whats yours??

  • Filter
  • Time
  • Show
Clear All
new posts

  • AD Lockout Time - Whats yours??

    Does anyone have any advice on what the "recommended" auto-unlock time is for an AD account.

    We currently have the following:

    3 incorrect password attempts then the AD account locks
    This will automatically unlock after 30 mins
    The user then has another 3 passwords attempts

    What do other people have set up?

    I am thinking of changing this to 10 mins but wanted to get a feel for what other people have. Or is there an industry standard that anyone knows of.

  • #2
    Re: AD Lockout Time - Whats yours??

    It mainly depends on your security enviornment and how many calls you want to your helpdesk. Changing it to 10 minutes may reduce helpdesk calls as they may go away, have a cup of tea and then try again. Leaving it at 30 minutes may make them ask the helpdesk.


    • #3
      Re: AD Lockout Time - Whats yours??

      Do you have any corporate or regulatory requirements you need to meet?

      If not, discuss with management before changing things

      I think you have the default microsoft settings so thats probably as close to a standard as anyone has
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd

      ** Remember to give credit where credit is due and leave reputation points where appropriate **


      • #4
        Re: AD Lockout Time - Whats yours??

        This is the exact reason I wanted to change it. Its more for outside of business working hours and IT staff cant be reached.