LOCKOUT_POLICY

This policy item checks for the values defined in “Security Settings -> Account Policies -> Account Lockout Policy”.

The check is performed by calling the NetUserModalsGet function with level 3.

Usage

<custom_item>
type: LOCKOUT_POLICY
description: ["description"]
value_type: [VALUE_TYPE]
value_data: [value]
(optional) check_type: [value]
lockout_policy: [LOCKOUT_POLICY_TYPE]
</custom_item>

This item uses the lockout_policy field to specify which element of the account lockout policy is audited. The allowed types are:

  • LOCKOUT_DURATION (“Account lockout duration”)
    value_type: TIME_MINUTE
    value_data: DWORD or RANGE [time in minutes]

  • LOCKOUT_THRESHOLD (“Account lockout threshold”)
    value_type: POLICY_DWORD
    value_data: DWORD or RANGE [time in days]

  • LOCKOUT_RESET (“Reset lockout account counter after”)
    value_type: TIME_MINUTE
    value_data: DWORD or RANGE [time in minutes]

Example

<custom_item>
type: LOCKOUT_POLICY
description: "Reset lockout account counter after"
value_type: TIME_MINUTE
value_data: 120
lockout_policy: LOCKOUT_RESET
</custom_item>
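To verify a result by hand, the following added example (not the scanner's own code) reads the same data with NetUserModalsGet at level 3 and compares it with an expected value such as the 120 minutes above. The helper names, the sample buffer, the exact-match default and the (low, high) range form are assumptions made for illustration; the API reports duration and reset window in seconds, so they are converted to minutes.

```python
import ctypes
import struct

def parse_modals_info_3(buf: bytes) -> dict:
    """Decode USER_MODALS_INFO_3: three DWORDs (duration s, window s, threshold)."""
    duration_s, window_s, threshold = struct.unpack("<3I", buf[:12])
    return {
        "LOCKOUT_DURATION": duration_s // 60,   # seconds -> TIME_MINUTE
        "LOCKOUT_RESET": window_s // 60,        # observation window, seconds -> minutes
        "LOCKOUT_THRESHOLD": threshold,         # plain DWORD
    }

def read_lockout_policy(server=None) -> dict:
    """Windows only: call NetUserModalsGet(server, 3, &buf) and decode the result."""
    netapi32 = ctypes.WinDLL("netapi32")
    netapi32.NetUserModalsGet.argtypes = [
        ctypes.c_wchar_p, ctypes.c_uint32, ctypes.POINTER(ctypes.c_void_p)]
    netapi32.NetUserModalsGet.restype = ctypes.c_uint32
    netapi32.NetApiBufferFree.argtypes = [ctypes.c_void_p]
    buf = ctypes.c_void_p()
    status = netapi32.NetUserModalsGet(server, 3, ctypes.byref(buf))
    if status != 0:  # NERR_Success is 0
        raise OSError(f"NetUserModalsGet failed, NET_API_STATUS={status}")
    try:
        return parse_modals_info_3(ctypes.string_at(buf, 12))
    finally:
        netapi32.NetApiBufferFree(buf)

def audit(policy: dict, lockout_policy: str, value_data) -> bool:
    """value_data is an int (exact match, assumed default) or a (low, high) range."""
    actual = policy[lockout_policy]
    if isinstance(value_data, tuple):
        low, high = value_data
        return low <= actual <= high
    return actual == value_data

# Constructed sample buffer: 30 min duration, 120 min reset window, threshold 5.
SAMPLE = struct.pack("<3I", 30 * 60, 120 * 60, 5)

if __name__ == "__main__":
    import sys
    policy = read_lockout_policy() if sys.platform == "win32" else parse_modals_info_3(SAMPLE)
    for item, expected in (("LOCKOUT_RESET", 120), ("LOCKOUT_THRESHOLD", (1, 10))):
        result = "PASSED" if audit(policy, item, expected) else "FAILED"
        print(f"{item}: actual={policy[item]} expected={expected} -> {result}")
```

On a non-Windows host the script falls back to the constructed buffer, so the decoding and comparison logic can still be exercised.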