Microsoft reported in July 2022 that it was preparing protection against brute force attacks on local accounts in Windows 11 and Windows Server 2022.
This protection is now enabled on new Windows 11 PCs and "any new systems that have installed the October 11 updates."
In other words, local accounts on new systems are automatically protected from brute force attacks. But local accounts on old machines are not protected, even if the October security updates are installed.
However, system administrators can enable this protection, provided they have access to the Group Policy Editor.
The following account policies can be configured on any supported version of Windows, provided that the October 2022 security updates are installed.
- Account lockout period: specifies the length of time in minutes that a locked account remains locked before it is automatically unlocked. A duration of 0 keeps the account locked until an administrator manually unlocks it.
- Account Lockout Limit: specifies the number of failed login attempts required before an account is automatically locked. A value of 0 disables auto-lock protection.
- Allow administrator account lockout: specifies whether administrator accounts can be locked when too many invalid login attempts are logged by the system.
- Account Lockout Counter Reset: specifies the number of minutes to elapse before the account lockout counter resets to 0.
Here is how to enable or disable them in Group Policy, depending on whether they are enabled by default or not.
- Search for gpedit and open the Group Policy Editor application.
- Follow the path: Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy (or Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policies).
- There you will find all four policies above.
- Double-click a policy to change it. All that is required is to change the default values to enable or disable them.
Your computer needs to be restarted for the changes to take effect.
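To confirm what a machine actually enforces after the steps above, the following read-only check exports the local security policy and reports the four lockout settings. It is an added example, not part of the original article; it assumes an elevated PowerShell prompt and the key names that `secedit` writes to the `[System Access]` section of its export.

```powershell
# Read-only audit of the four account lockout policies (run elevated).
$cfg = Join-Path $env:TEMP 'lockout-audit.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }

# Parse "Key = Value" pairs from the [System Access] section only.
$values = @{}
$inSection = $false
foreach ($line in Get-Content -Path $cfg) {
    if ($line -match '^\[(.+)\]\s*$') {
        $inSection = ($Matches[1] -eq 'System Access')
    } elseif ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.*?)\s*$') {
        $values[$Matches[1]] = $Matches[2]
    }
}
Remove-Item -Path $cfg -Force

# secedit can omit a key that does not apply (for example on a system
# without the October 2022 updates), so a missing key becomes $null.
function Get-Setting([string]$Name) {
    if ($values.ContainsKey($Name)) { [int]$values[$Name] } else { $null }
}
$limit   = Get-Setting 'LockoutBadCount'            # failed attempts before lockout
$period  = Get-Setting 'LockoutDuration'            # minutes an account stays locked
$reset   = Get-Setting 'ResetLockoutCount'          # minutes before the counter resets
$adminOk = Get-Setting 'AllowAdministratorLockout'  # 1 = administrators can be locked

[pscustomobject]@{
    LockoutLimit          = $limit
    LockoutPeriodMinutes  = $period
    CounterResetMinutes   = $reset
    AdminLockoutAllowed   = $adminOk
} | Format-List

# Flag the states the article calls out. Assumption: the export may write the
# "until an administrator unlocks" duration as -1, so 0 and -1 are both checked.
$findings = @()
if (-not $limit) {
    $findings += 'Lockout limit is 0 or unset: auto-lock protection is disabled.'
} else {
    if ($adminOk -ne 1) { $findings += 'Administrator accounts are not subject to lockout.' }
    if ($period -in 0, -1) { $findings += 'Locked accounts stay locked until an administrator unlocks them.' }
}
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'Lockout protection is enabled for local accounts, including administrators.' }
```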
For some systems, protection against brute force attacks will be very useful, especially if they are accessible by others. It is quite easy to configure protections in older versions of Windows to reduce the chance of successful attacks.