GartnerGroup recommends three strategies to work around this problem. The first is to change the account name to a nonintuitive name and create a dummy account. The second is to require a minimum 10-character alphanumeric password. The third is to enable failure auditing for log-on/log-off in the auditing policies. It's true that, out of the box, NT never locks out the administrator account, even when account policies enable lockout. However, you can use PASSPROP, a command-line program in the Microsoft NT Server 4.0 Resource Kit, to enable account lockout for remote logons that use the administrator account. When you run the PASSPROP utility with /ADMINLOCKOUT, you make the administrator account subject to lockout policies, except for interactive logons. This way, you protect the administrator account from being attacked over the network.
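To show how the three strategies and /ADMINLOCKOUT fit together, the following added example (not code from the original article or the Resource Kit) reviews failure-audit records for hits on the dummy account and for network log-on failures that would trip lockout on the renamed account. The record layout, account names, threshold, and window are constructed assumptions; event 529 and log-on types 2 and 3 are the NT security-log values for a failed log-on, an interactive log-on, and a network log-on.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample: "timestamp,event_id,account,logon_type,source".
# This layout is an assumption for the example, not a real NT export format.
SAMPLE = """\
1999-03-01 02:10:01,529,Administrator,3,WKS7
1999-03-01 02:10:03,529,Administrator,3,WKS7
1999-03-01 02:10:05,529,svc-ops41,3,WKS7
1999-03-01 02:10:06,529,svc-ops41,3,WKS7
1999-03-01 02:10:08,529,svc-ops41,3,WKS7
1999-03-01 02:10:09,529,svc-ops41,2,SRV1
1999-03-01 09:00:00,528,svc-ops41,2,SRV1
1999-03-01 09:30:00,529,jsmith,3,WKS2
"""

LOGON_FAILURE = "529"            # unknown user name or bad password
NETWORK = "3"                    # logon type 3 = network, 2 = interactive
DECOY = "administrator"          # assumed: dummy account under the default name
RENAMED = "svc-ops41"            # assumed: the renamed real administrator account
THRESHOLD = 3                    # assumed lockout threshold
WINDOW = timedelta(minutes=30)   # assumed lockout counter window

def review(text):
    """Return (decoy_hits, lockout_times) from failure-audit records."""
    decoy_hits, lockouts = [], []
    recent = deque()  # times of network failures against the renamed account
    for line in text.strip().splitlines():
        ts, event_id, account, logon_type, source = line.split(",")
        if event_id != LOGON_FAILURE:
            continue
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        name = account.lower()
        if name == DECOY:
            # Nobody legitimate uses the dummy account, so every failure is a lead.
            decoy_hits.append((ts, source))
        elif name == RENAMED and logon_type == NETWORK:
            # Only network failures count; interactive logons stay exempt.
            recent.append(when)
            while when - recent[0] > WINDOW:
                recent.popleft()
            if len(recent) >= THRESHOLD:
                lockouts.append(ts)
                recent.clear()
    return decoy_hits, lockouts

if __name__ == "__main__":
    print(review(SAMPLE))
```

The interactive failure at 02:10:09 is ignored on purpose, mirroring the exemption that keeps console log-on available to the administrator.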