All,
When I go on-site to teach a WorkshopPlus, the number one call generator for helpdesk is “Account password” reset or “Account Lockouts”.
It’s also common to go to environments where the threshold for bad password attempts is set to 3. That is very Windows XP/7 or Windows 2003/2008/2008 SP1 numbers.
Q: What is the recommendation nowadays (Windows 10/Windows Server 2016/2019)?
A: “We have selected a threshold of 10 bad attempts, a 15 minute lockout duration, and counter reset after 15 minutes (10/15/15).”
For details, please go through Aaron Margosis blog post:
Configuring Account Lockout
https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/
Yong
P.S. Other “Stop hurting yourself by:” blog posts
Stop hurting yourself by: Not applying the non-security updates for Windows and Windows Server.
Stop hurting yourself by: Not updating the drivers and firmware in Windows and Windows Server.
Stop hurting yourself by: Disabling IPv6, why do you really do it?
WMI: Stop hurting yourself by using “for /f %%s in (‘dir /s /b *.mof *.mfl’) do mofcomp %%s”