As we have always mentioned in Solvetic, the security of information and equipment is one of the most important bastions and foundations that we must take into account and every day we must monitor and improve its parameters within the server and each domain equipment.
The most important factor when it comes to security is related to users since many of them leave large security breaches on their computers and from there experts can access and modify or eliminate information, roles and other domain parameters.
Main security flaws that users commit
- Weak passwords, ask to create a strong password
- Shared users
- Leave sessions open
- Lend the password, among other faults.
In this analysis we are going to talk about a topic that we often don't consider and is to limit the attempts to log in to the domain.
Why limit logins in the domain
Basically the reason is very simple: Increase security. We know that the attacks that our network can suffer is through the connections with the credentials of a user and one of the most common forms is the brute force attack which consists of constantly entering passwords until the correct decryption is achieved and thus Enter the domain and perform the tasks to be executed.
How they can access our domain in an unauthorized way
- Theft of files and information.
- Modification of roles or characteristics.
- Enable access to unauthorized people to the domain.
- Disable domain objects, among others.
If we manage to restrict the number of logins we will increase the security levels since only users will be able to enter the system with their password and if after a specific number of attempts they cannot connect their account will be blocked and there they will have to resort to the help of the domain administrator. Let's see how to limit login attempts and thus obtain more secure environments. For this study we will use a computer with Windows Server 2016.
The following video tutorial contains the steps you will see below and will help you to create a policy that generates a restriction on login attempts.
1. Start Group Policy Manager in Windows Server 2016
To create this limit we will open the group policy manager as follows:
- Start
- All applications
- Management tools
- Group Policy Manager
2. Create policy to set the logins limit in Windows Server 2016
Step 1
To create this policy we deploy our domain, in this case Solvetic.com we will right click on "Default Domain Policy" and select the "Edit" option:
Step 2
We will see that the following window opens where we must go to the following route:
- Equipment configuration
- Directives
- Windows settings
- Security settings
- Account Policies
- Account Lockout Policies
Step 3
We can see on the right side 3 options, we will edit the policy Account lock threshold, double click on it or right click / Properties and we will see that the following window is displayed:
Step 4
As we see the value is at 0 which indicates that the account will not be blocked regardless of the number of logins. We can define the number of attempts we wish to establish so that the account is blocked after several failed login attempts. (The value is between 0 and 999):
Step 5
Click Apply to save the changes and the following message will be displayed:
Step 5
This message indicates that the directives deployed will be modified because they are associated with the policy we have modified. Click Accept and we will see that the policy has been adjusted according to our requirement.
Note
If we want to establish that the account is unlocked automatically, we must adjust the policy “Reset account lock after”.
$config[ads_text5] not foundThis option allows the user's account to be automatically unlocked after a period of time if the user has not contacted the administrator for their respective unlocking. We have been able to analyze how by editing this policy we can increase the security levels of our domain and all the content that is within it.
Articles