?
Solved

Account Lockout policy for IIS6

Posted on 2008-06-20
2
Medium Priority
?
569 Views
Last Modified: 2008-08-06
I am running IIS6 on a windows 2003 server. I need to set an account lockout policy to prevent brute force attacks on the web sites being hosted on the server.

Do I need to do anything else other than set a local security policy on the windows 2003 server which is hosting IIS6 and my websites?

I know how to set an account lockout policy on the local server that host the IIS6 server by going to GPO Editor  Computer Configuration  Windows Settings  Security Setting  Account Policies  Account Lockout Policy.  Is there anything else I need to do?

Thanks,
0
Comment
Question by:SHAX
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 1000 total points
ID: 21835324
As far as I know that should be adequate.

Note that the Administrator account cannot be locked out, so use a strong password for that (at least 10 chars or more).
0
 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 1000 total points
ID: 21939469
it depends on the application, i think you are talking about integrated security, you can change your settings in the local security policy (accoiunt policies/ account lockout) to establish the attepmts... in my point of view... 3 are all right!!!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Let's recap what we learned from yesterday's Skyport Systems webinar.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question