RE: 2 SBS2003 Questions...

Hi Craig,

Thanks for posting here.

It appears that you are dealing with multiple issues that will require
individual attention to ensure that we are not counter-productive in out
support efforts. A suggestion in this post would be to post these issues
separately so that contributors within this newsgroup who specialize in
certain feature will be able to provide the 'value add' to resolving these
issues.

It is important to us that we provide you with the best support possible
and by breaking down these issues separately we will be able to address
them appropriately and in a timely manner.

Thank you for your patience and understanding.

Here, I will focus on your first question.

Q1. From your post, I understand that you want to know how to configure
sbs2003/ISA server to block connections from a specific IP if they fail to
login say more than 30 times. If I am off base, please feel free to let me
know.

Answer: you can use the Account locked out policy in Group Policy to reach
your goal. To do so:

Open "Default Domain Policy" -> Computer Configuration -> Windows Settings
-> Security Settings -> Account Policies -> Account lockout threshold, you
can set the account lockout threshold to 30 invalid logon attempts, and set
the long time for "Account lockout duration".

Also, I suggest you enable User logon audit to monitor the event log to see
what happen.

To enable audit:

1. On the SBS Server, click Start -> Run, type DSA.MSC and click OK.
2. Right click the domain node, select Properties.
3. Go to Group Policy tab, select the Default Domain Policy, click Edit
button.
4. Expand Computer Configuration\Windows Settings\Security Settings\Local
Policies\Audit Policy.
5. Double click the following policies, select to define this policy and
audit Success and Failure attempt:
Audit Account Logon Events
Audit Account Management
Audit Logon Events
6. Open Command Prompt, type the following command:

Gpupdate /force

I hope the above information helps.

Have a nice day.

Best Regards,

Steven Zhu
MCSE
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
======================================================
PLEASE NOTE the newsgroup SECURE CODE and PASSWORD were
updated on February 14, 2006.? Please complete a re-registration process
by entering the secure code mmpng06 when prompted. Once you have
entered the secure code mmpng06, you will be able to update your profile
and access the partner newsgroups.
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
======================================================

.