You are here: Compliance Check Types > Windows Configuration > Custom Items > LOCKOUT_POLICY

LOCKOUT_POLICY

This policy item checks for the values defined in “Security Settings -> Account Policies -> Account Lockout Policy”.

The check is performed by calling the function NetUserModalsGet with the level 3.

Usage

<custom_item>

type: LOCKOUT_POLICY

description: ["description"]

value_type: [VALUE_TYPE]

value_data: [value]

(optional) check_type: [value]

lockout_policy: [LOCKOUT_POLICY_TYPE]

</custom_item>

This item uses the lockout_policy field to describe which element of the password policy must be audited. The allowed types are:

  • LOCKOUT_DURATION (“Account lockout duration”)

    value_type: TIME_MINUTE

    value_data: DWORD or RANGE [time in minutes]

  • LOCKOUT_THRESHOLD (“Account lockout threshold”)

    value_type: POLICY_DWORD

    value_data: DWORD or RANGE [time in days]

  • LOCKOUT_RESET (“Reset lockout account counter after”

    value_type: TIME_MINUTE

    value_data: DWORD or RANGE [time in minutes]

Example

<custom_item>

type: LOCKOUT_POLICY

description: "Reset lockout account counter after"

value_type: TIME_MINUTE

value_data: 120

lockout_policy: LOCKOUT_RESET

</custom_item>

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.