Account lockouts are an interesting thing... :) You can create a self-inflicted DoS on your environment with them. Or, you can give people unlimited attempts to attack your passwords remotely.
I opt for password lockouts of limited duration (5 or 10 minutes), which are good enough to interfere with automated attacks and discourage manual brute-force attacks.

And, no, you should not be using the local administrator account. :) Setting the password to blank is actually a good idea, as it is easier to some of the other ways that you could manipulate that account.

*ASB*
*http://XeeMe.com/AndrewBaker*
*Harnessing the Advantages of Technology for the SMB market…*

On Thu, Jun 14, 2012 at 9:05 AM, Christopher Bodnar <[email protected]> wrote:

> One of our VP's just ran across this article and is asking for my input:
>
> http://technet.microsoft.com/en-us/library/cc512606.aspx
>
> Which seems to be recommending two things:
>
> Leave the built-in administrator password blank
> There is no need for account lockout to be enabled
>
> I disagree with both assumptions. I also find it odd that this is a MS
> recommendation. I'd like to hear others' thoughts on these comments.
>
> Thanks,
>
> *Christopher Bodnar*
> Enterprise Architect I, Corporate Office of Technology: Enterprise
> Architecture and Engineering Services
