Account lockout available for built-in local administrators

Hi

Today I wanted to share a nice new change Microsoft introduced in the 11 October 2022 cumulative update.

Account lockout are available for built-in local administrators for any network service (RDP, etc..) but not for Console access.

If you want to see where it’s;

It’s a nice way to be able to block password bruteforce tip.

The location is Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policies

To note if you use a Windows build 22H2 with the newer update to deploy computer the option will be Enabled by default, and Microsoft will enable the use of complex password at the same time. You can unset the later setting, but it can be a security risk. (Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy)

You can read more on the topic are; KB5020282

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s