We have tried the security policy settings described in the article you suggested; however, "lock out" only introduces a time delay, it didn't revoke the operator's password. This means you can wait until the lockout penalty period ends, and then log in again with the old password.
The lack of a policy option to lock out an account after a certain number of failed attempts until an administrator manually unlocks it is surprising. I see this approach in practice more than I see the cooling-off period option that is currently available. I would encourage you to submit an enhancement request for it in ML10 since account lockout, in my experience, is standard functionality in most authentication systems.
Since we are calling ShowDesktop (or its customized version), this code will get called only after successful authentication. Thus even if we are able to check for the count of failed attempts inside this activity, this check will only be executed once the user provides the correct password.
So, my understanding is, if we use this activity to check for failed attempts, that won't execute before the user provides valid credentials. Instead, I would go for a different approach.
Please provide your inputs on whether I am reading it right.
Posted: 23 Dec 2015 1:06 EST Updated: 23 Dec 2015 1:08 EST
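
An added example, not part of the thread and not the code or API of the product discussed: a minimal Python sketch contrasting the time-delay lockout with a lock that persists until an administrator clears it, with the lock state checked before the password is verified. All names, the failure threshold and the cool-off period are assumptions.

```python
import hashlib, hmac, os

MAX_FAILURES = 3          # assumed threshold
COOL_OFF_SECONDS = 300    # assumed penalty period for the time-delay policy

class Account:
    def __init__(self, password):
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password)
        self.failures = 0
        self.locked_until = 0.0   # used by the time-delay policy
        self.locked = False       # used by the manual-unlock policy

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def verify(self, password):
        return hmac.compare_digest(self._hash(password), self.pw_hash)

def login(acct, password, now, manual_unlock):
    # Lock state is evaluated before the credentials, so a locked
    # account is refused even when the correct password is supplied.
    if acct.locked or now < acct.locked_until:
        return "locked"
    if acct.verify(password):
        acct.failures = 0
        return "ok"
    acct.failures += 1
    if acct.failures >= MAX_FAILURES:
        if manual_unlock:
            acct.locked = True                      # stays set until admin_unlock()
        else:
            acct.locked_until = now + COOL_OFF_SECONDS
            acct.failures = 0                       # counter restarts after the delay
    return "denied"

def admin_unlock(acct):
    acct.locked = False
    acct.failures = 0

def demo(manual_unlock):
    pw = "constructed-sample-password"              # constructed sample value
    acct = Account(pw)
    for t in range(MAX_FAILURES):
        login(acct, "wrong guess", float(t), manual_unlock)
    during = login(acct, pw, 10.0, manual_unlock)                    # inside the penalty period
    after = login(acct, pw, 10.0 + COOL_OFF_SECONDS, manual_unlock)  # penalty period over
    admin_unlock(acct)
    unlocked = login(acct, pw, 20.0 + COOL_OFF_SECONDS, manual_unlock)
    return during, after, unlocked
```
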