AD Account Lockout duration
Posted on 2012-03-09
Hello, I have a quick question one of you folks may be able to answer.
I need to find out what the current ISO, etc industry standard AD lockout duration recommendations are. Ive found that NIST and the NSA recommend 15 minutes and SANS recommends 240 minutes but I would like to have another source (hopefully in black and white terms) so that I can bring that info to my CIO.
Currently we have it set to 0, this requires me to unlock every locked account manually.