I am running IIS6 on a windows 2003 server. I need to set an account lockout policy to prevent brute force attacks on the web sites being hosted on the server.
Do I need to do anything else other than set a local security policy on the windows 2003 server which is hosting IIS6 and my websites?
I know how to set an account lockout policy on the local server that host the IIS6 server by going to GPO Editor Computer Configuration Windows Settings Security Setting Account Policies Account Lockout Policy. Is there anything else I need to do?