Windows local admin lockout feature: Availability
The company’s official blog states that new machines whose installation media already includes the relevant Windows cumulative update (applied before setup) will have the feature enabled by default. Machines already running supported Windows versions, which receive the update separately, will need the feature enabled manually.
Windows local admin lockout feature: How it works
Attackers who succeed in cracking a system's password through brute-force or phishing attacks can take over every other system that shares the same local admin account. To prevent this, Microsoft has announced the local admin account lockout feature.
According to Microsoft, attackers often launch these attacks through the Remote Desktop Protocol (RDP), which works over the network and is frequently targeted by ransomware groups trying to gain access to systems. The local admin account lockout feature is designed to stop an attacker from taking over all the connected devices when one of them is compromised.
This new feature has four settings: whether the local admin account lockout is enabled at all, the number of failed attempts that trigger a lockout, the time window after the last failed attempt within which those attempts are counted, and the duration of the lockout.
Microsoft recommends that users enable the feature and set each of the other three options to 10. In practice this means the account is locked after 10 failed attempts occurring within 10 minutes of the last attempt, and stays locked for 10 minutes after the attack. When that time elapses, the account unlocks automatically.
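To check whether a machine actually matches the recommended 10/10/10 configuration with administrator lockout enabled, the following audit script is an added example, not code from the article or from Microsoft. It assumes that `secedit`'s INF export lists the policy under `[System Access]` using the key names `LockoutBadCount`, `ResetLockoutCount`, `LockoutDuration` and `AllowAdministratorLockout` (the last one only exists on builds that ship the feature), and that it is run from an elevated PowerShell session.

```powershell
# Added example: audit the local account lockout policy against the values
# recommended above (enabled, threshold 10, window 10 min, duration 10 min).
# Assumption: secedit exports these settings under [System Access] with the
# key names used in $expected; AllowAdministratorLockout is absent on builds
# that do not have the feature, which the script reports as REVIEW.

$inf = Join-Path $env:TEMP "secpol-audit.inf"
secedit /export /cfg $inf /areas SECURITYPOLICY | Out-Null

# Parse "Key = Value" lines from the [System Access] section into a hashtable
$policy = @{}
$inSection = $false
foreach ($line in Get-Content $inf) {
    if ($line -match '^\[(.+)\]$') {
        $inSection = ($Matches[1] -eq 'System Access')
        continue
    }
    if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') {
        $policy[$Matches[1]] = $Matches[2]
    }
}
Remove-Item $inf -ErrorAction SilentlyContinue

$expected = @{
    AllowAdministratorLockout = 1   # 1 = built-in Administrator can be locked out
    LockoutBadCount           = 10  # failed attempts before lockout
    ResetLockoutCount         = 10  # minutes after the last failure before the counter resets
    LockoutDuration           = 10  # minutes the account stays locked
}

$findings = foreach ($name in $expected.Keys) {
    $actual = $null
    if ($policy.ContainsKey($name)) { $actual = [int]$policy[$name] }
    $status = 'REVIEW'
    if ($actual -eq $expected[$name]) { $status = 'OK' }
    [pscustomobject]@{
        Setting  = $name
        Expected = $expected[$name]
        Actual   = $actual
        Status   = $status
    }
}
$findings | Format-Table -AutoSize

# Remediation for the three numeric settings, to run only after reviewing the output
# (AllowAdministratorLockout has no 'net accounts' switch; set it via Group Policy or secedit):
#   net accounts /lockoutthreshold:10 /lockoutwindow:10 /lockoutduration:10
```

A setting reported as REVIEW with a blank Actual value means the export did not contain that key, which for the numeric settings usually indicates the lockout threshold is still 0 (lockout disabled).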
In addition, the company will enforce password complexity on new machines that use a local administrator account. Passwords on these machines will need to contain at least three of the four basic character types (lower case, upper case, numbers, and symbols), which further hardens the systems against brute-force attacks.