Account Lockout policy for IIS6

I am running IIS6 on a windows 2003 server. I need to set an account lockout policy to prevent brute force attacks on the web sites being hosted on the server.

Do I need to do anything else other than set a local security policy on the windows 2003 server which is hosting IIS6 and my websites?

I know how to set an account lockout policy on the local server that host the IIS6 server by going to GPO Editor  Computer Configuration  Windows Settings  Security Setting  Account Policies  Account Lockout Policy.  Is there anything else I need to do?

Thanks,
SHAXAsked:
Who is Participating?
 
r-kConnect With a Mentor Commented:
As far as I know that should be adequate.

Note that the Administrator account cannot be locked out, so use a strong password for that (at least 10 chars or more).
0
 
mahe2000Connect With a Mentor Commented:
it depends on the application, i think you are talking about integrated security, you can change your settings in the local security policy (accoiunt policies/ account lockout) to establish the attepmts... in my point of view... 3 are all right!!!
0
All Courses

From novice to tech pro — start learning today.