Account lockout policy in Group Policy
Posted on 2013-06-11
I'm trying to set account lockout because I think hackers trying to run brute-force password discovery against our mail server. If 10 attempts to login with wrong password fails, I like to lock out accounts.
However, Account Lockout Threshold Policy under Group Policy says it counts only attempt failure of logging by Ctrl+Alt+Delete or screen saver. Does it mean it will not count login failure against OWA or direct access to our mail server through telnet? If then, how to disconnect the hacker's password discovery if failuer only counts the two?