Here's the situation:
Single Exchange 2003 Enterprise server in the network running OWA. We have account lockout policies in place so that after 5 failed attempts to log in, the user ID is locked out. Is there a way to prevent a denial-of-service attack from a malicious user from locking out the domain account? In other words, I know a user's ID, but not their password, and I hate them. So, I intentionally try to log into their account 5 times with a bad password, causing their domain ID to lock out.
I was trying to determine whether I can set some sort of lower limit (say 3 failed attempts) that would somehow lock the user out of OWA so that they would not be locked out of the domain they belong to, but haven't found anything remotely like that.
I looked at http://www.microsoft.com/WindowsServer2003/R2/Identity_Management/ADFSwhitepaper.mspx
but that seems like a bunch of trouble to go to simply to prevent this issue.
Anyone doing anything like this?