In an active directory environment (windows 2003), I want to ensure lockout
for administrator accounts also, in order to protect against attempts to
brute force account password. The flipside is, we might have a DoS situation
but I can live with it. Is there a tool I can deploy to ensure that admin
account also locks out after certain no. of attemps?
Also, ONLY for admin accounts, I want to enforce certain settings like:
Password should contain atleast 15 characters, should not contain a
dictionary word etc.
My normal password policy for AD user accounts, set at the domain level is a
minimum of 8 chars but I want to deploy this special policy of 15 chars
minimum for admin accounts.
How should I go about this?