Re: 2 SBS2003 Questions...
- From: "Craig Armitage" <craig@xxxxxxxxxxxxxxxx>
- Date: Mon, 13 Nov 2006 11:22:38 -0000
Hi Steven,
Thanks for your reply. If I understand correctly, this just blocks logging into that account for a period of time, rather than specifically blocking that IP address? I have done as you instructed and set a 30min lock on accounts that have over 30 failed attempts. But I would prefer to lock out a specific IP address for a few days. Obviously, I couldn't lock out accounts for that long, as the real users wouldn't be able to gain access.
Thanks again
"Steven Zhu [MSFT]" <v-stezhu@xxxxxxxxxxxxxxxxxxxx> wrote in message news:Pv8ht4uBHHA.5200@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Craig,
Thanks for posting here.
It appears that you are dealing with multiple issues that will require
individual attention to ensure that we are not counter-productive in our
support efforts. A suggestion in this post would be to post these issues
separately so that contributors within this newsgroup who specialize in
certain features will be able to provide the 'value add' to resolving these
issues.
It is important to us that we provide you with the best support possible
and by breaking down these issues separately we will be able to address
them appropriately and in a timely manner.
Thank you for your patience and understanding.
Here, I will focus on your first question.
Q1. From your post, I understand that you want to know how to configure
sbs2003/ISA server to block connections from a specific IP if they fail to
login say more than 30 times. If I am off base, please feel free to let me
know.
Answer: You can use the Account Lockout Policy in Group Policy to reach
your goal. To do so:
Open "Default Domain Policy" -> Computer Configuration -> Windows Settings
-> Security Settings -> Account Policies -> Account lockout threshold. You
can set the account lockout threshold to 30 invalid logon attempts, and set
a long time for "Account lockout duration".
Also, I suggest you enable User logon audit to monitor the event log to see
what happens.
To enable audit:
1. On the SBS Server, click Start -> Run, type DSA.MSC and click OK.
2. Right click the domain node, select Properties.
3. Go to Group Policy tab, select the Default Domain Policy, click Edit
button.
4. Expand Computer Configuration\Windows Settings\Security Settings\Local
Policies\Audit Policy.
5. Double click the following policies, select to define this policy and
audit Success and Failure attempts:
Audit Account Logon Events
Audit Account Management
Audit Logon Events
6. Open Command Prompt, type the following command:
Gpupdate /force
I hope the above information helps.
Have a nice day.
Best Regards,
Steven Zhu
MCSE
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
======================================================
PLEASE NOTE the newsgroup SECURE CODE and PASSWORD were
updated on February 14, 2006. Please complete a re-registration process
by entering the secure code mmpng06 when prompted. Once you have
entered the secure code mmpng06, you will be able to update your profile
and access the partner newsgroups.
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
======================================================
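
The difference raised in this thread, per-account lockout versus counting failures per source address, can be seen by tallying the failed-logon events that the audit policy above writes to the Security log. This is an added example, not part of the original posts; the CSV layout, column names, the 30-minute counting window, and the use of event IDs 529 (failed logon) and 528 (successful logon) from Windows Server 2003 are assumptions, and the log lines are constructed.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: 529 is the Server 2003 Security-log ID for a failed logon
# (unknown user name or bad password); add other IDs as needed.
FAILED_LOGON_IDS = {"529"}
FMT = "%Y-%m-%d %H:%M:%S"

def build_sample():
    """Constructed Security-log export (hypothetical CSV layout)."""
    start = datetime(2006, 11, 13, 9, 0, 0)
    lines = ["time,event_id,user,source_ip"]
    # One address spreads 36 failures over 3 accounts: 12 each, so no
    # single account comes near a 30-attempt lockout threshold.
    for i in range(36):
        t = start + timedelta(seconds=20 * i)
        lines.append(f"{t.strftime(FMT)},529,user{i % 3},203.0.113.7")
    # A legitimate user mistypes twice, then logs on (528 = success).
    for sec, eid in ((5, "529"), (15, "529"), (30, "528")):
        t = start + timedelta(seconds=sec)
        lines.append(f"{t.strftime(FMT)},{eid},alice,198.51.100.20")
    return lines

def failures_by_ip(lines, threshold=30, window=timedelta(minutes=30)):
    """Return {ip: (peak failures in any window, accounts tried)} for
    every source address that reaches the threshold."""
    rows = [r for r in csv.DictReader(lines)
            if r["event_id"] in FAILED_LOGON_IDS and r["source_ip"]]
    rows.sort(key=lambda r: r["time"])  # this timestamp format sorts as text
    recent = defaultdict(deque)  # ip -> failure times inside the window
    peak = defaultdict(int)
    accounts = defaultdict(set)
    for r in rows:
        ip, ts = r["source_ip"], datetime.strptime(r["time"], FMT)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        accounts[ip].add(r["user"])
    return {ip: (n, sorted(accounts[ip]))
            for ip, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for ip, (n, users) in failures_by_ip(build_sample()).items():
        print(f"{ip}: {n} failed logons across {len(users)} accounts")
```

The addresses it returns are candidates for a deny rule on the firewall, which is a separate control from the Group Policy lockout setting.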