Recommended Settings
| Policy | Recommended Settings | Information |
| --- | --- | --- |
| Account lockout duration | 10 minutes | Once the maximum number of failed attempts is reached, the account is locked for 10 minutes before sign-in can be tried again. |
| Account lockout threshold | 10 attempts | Allows legitimate users to make some mistakes without being locked out, but restricts attackers. |
| Reset account lockout counter | 10 minutes | Sets the time after which the count of failed attempts is reset if there are no new attempts within the period. |
Steps to Implement Local Account Policies
Implementing good local account policies is essential to improve system security. Here are the steps you can take to enforce this policy, either by using Group Policy for domain-connected computers or by using Local Security Policy for local configurations.
1. Using Group Policy for Computers Connected to Domains
For domain-connected computers, administrators can leverage Group Policy to centrally set local account policies. Here are the steps:
- Access Group Policy Management Console (GPMC) on a server or computer with administrative access rights.
- Select the appropriate organizational unit (OU) and create a new GPO or edit an existing one.
- Inside the GPO, navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies.
- Adjust settings such as Password History, Maximum Password Age, Minimum Password Length, and Account Lockout Threshold according to security recommendations.
2. Configure Local Policies with Local Security Policy
For computers that are not connected to a domain, administrators can use Local Security Policy to set local account policies. Here are the steps:
- Type secpol.msc in the Run (Windows + R) window and press Enter.
- Inside Local Security Policy, navigate to Security Settings -> Account Policies.
- Adjust the settings as in the Group Policy, including settings for passwords and account lockouts.
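To check a standalone computer against the lockout values recommended in the table, the following PowerShell is an added example, not part of the original article. It parses a `secedit` security-policy export; the function names `Get-LockoutPolicy` and `Test-LockoutPolicy` and the sample export text are constructed for illustration.

```powershell
# Recommended values from the table above (threshold in attempts, times in minutes).
$Recommended = [ordered]@{
    LockoutBadCount   = 10   # Account lockout threshold
    LockoutDuration   = 10   # Account lockout duration
    ResetLockoutCount = 10   # Reset account lockout counter
}

function Get-LockoutPolicy {
    param([string[]]$InfLines)
    # Collect integer "Key = Value" pairs from the [System Access] section only.
    $policy = @{}
    $inSection = $false
    foreach ($line in $InfLines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'System Access'); continue }
        if ($inSection -and $t -match '^(\w+)\s*=\s*(-?\d+)$') { $policy[$Matches[1]] = [int]$Matches[2] }
    }
    return $policy
}

function Test-LockoutPolicy {
    param([hashtable]$Policy)
    # A key missing from the export is reported as non-compliant (Actual is empty).
    foreach ($key in $Recommended.Keys) {
        $actual = if ($Policy.ContainsKey($key)) { $Policy[$key] } else { $null }
        [pscustomobject]@{
            Setting = $key; Recommended = $Recommended[$key]
            Actual = $actual; Compliant = ($actual -eq $Recommended[$key])
        }
    }
}

# Constructed sample export: lockout threshold 0 (disabled) and no timer keys present.
$sample = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 0
'@ -split "`r?`n"
Test-LockoutPolicy (Get-LockoutPolicy $sample) | Format-Table -AutoSize

# On a real machine, from an elevated prompt, audit the live policy instead:
# secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY | Out-Null
# Test-LockoutPolicy (Get-LockoutPolicy (Get-Content "$env:TEMP\secpol.inf"))
```

With the sample input, all three settings are reported as non-compliant: the threshold is 0 and the two timer values are missing.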
3. Policy Adjustment According to Company Needs
Once the basic policy is in place, it is important to tailor the policy according to the specific needs of the company. Some of the adjustment steps include:
- Conduct a risk analysis to determine the required level of security based on the sensitive data managed by the company.
- Engage stakeholders from different departments to understand their needs regarding access and security.
- Before implementing a policy broadly, test it on a small group of users to ensure that it doesn’t interfere with productivity.
- Policies should be reviewed regularly and updated in line with technological developments and new security threats.
Improving Local Account Security
Improving the security of local accounts is essential to protect the system from cyberattacks. Here are some steps you can take to strengthen the security of your local account:
1. Enable Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA) is a method that requires more than one way to verify identity before accessing an account. By enabling MFA, users must do more than just enter a password, such as:
- Use an authenticator app to get the code.
- Receive the code via SMS or email.
- Use biometric features such as fingerprints or facial recognition.
Implementing MFA can significantly reduce the risk of unauthorized access, even if the user’s password is successfully guessed by an attacker.