Oh I see that based on at least a couple responses here and the desire to create code around it.

I'm just saying that I think Management or someone else is/was in charge of setting that lockout duration. Maybe your company is somehow under attack from hacking tools or users inside (it is more often the case that an insider is the one doing the attack than an outsider) and that is the reason for having a lockout so that you can't automate a tool against an account in that manner (there or other methods). But in a very large network of 140K desktops and 4K+ servers we never had an account cracked on NT that we were aware of. Yes, we have caught people inside using tools to attack accounts (again, a reasonable lockout duration puts a big damper on that). We also found Admins copying the security databases and trying to crack them (no duration lockout will thwart that). We did have all types of attacks "attempted" from outside but none of them hacked an NT account. We did have a couple of FTP accounts on Linux hacked though, one of which also led to root takeover. On a different subject - Web attacks on Windows boxes have been more successful than most other methods.

So I still have to ask WHY!!! I just see it as adding a layer of unneeded support on one end to open it back up, and also creating a non-productive user for anywhere from an hour to a day or more???

My view is that we as IT Professionals are here to ENABLE users not CONTROL users.