Windows-itpro-docs: Exclusion of built in administrator
It would be helpful if this page noted that a Built in Domain Administrator is exempted from these policies. Although this is documented on this older page:
I have regularly noted community members who are unaware of this fact, and will reference this page as some form of indication that the Built In Administrator in fact should be impacted, as the wording implies it applies to all accounts.
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 3974da73-1577-dbaf-00ec-f6fb6eee35df
- Version Independent ID: a562ec45-0c96-733b-2bef-c12f627dc02f
- Content: Account Lockout Policy (Windows 10) - Windows security
- Content Source: windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
- Product: w10
- Technology: windows
- GitHub Login: @Dansimp
- Microsoft Alias: dansimp
technion
All 6 comments
Fair point. Do you also have a suggestion for where you would like to see the extra note added in or between the existing paragraphs?
illfated
on 23 Jun 2020
Hi,
On reviewing the best place for this suggestion, it may alternatively be better in the /account-lockout-threshold page under "Security". The relevant DoS attack is already described in this section, and this is relevant to understanding the problem.
A suggestion on how this note may look:
_A lockout threshold policy will apply to both local member computer users and Domain Users, in order to allow mitigation of issues as described under "Vulnerability". The Built In Administrator account however, whilst a highly privileged account, has a different risk profile and is excluded from this policy. This ensures these is no scenario where an administrator cannot logon to remediate an issue. As an administrator, there are additional mitigation strategies to available such as the use of a very strong password.
You may also refer to further advise here on regarding securing these accounts:
technion
on 23 Jun 2020
@technion thank you for pointing this out. Please clarify if the note should be added to this article or if you are referring to another article (security) please forward me the link to the actual document and I'll add the note in a PR.
lindspea
on 25 Sep 2020
Document referenced by this ticket:
Suggested page (>the /account-lockout-threshold page<) for the suggested note blob:
These 2 pages can easily be located in the same TOC section:
illfated
on 25 Sep 2020
Also, thank you for making me realize that I had forgotten that I was pondering if I should create a PR or wait for more MS Docs team feedback. 😉
illfated
on 25 Sep 2020
@illfated thanks as always for your help. I'll create a PR now @technion
lindspea
on 28 Sep 2020
Related issues
illfated
·
3Comments
ruffy91
·
3Comments
jadelise
·
3Comments
andrewpong
·
3Comments
KamilSzafarczyk
·
3Comments
Most helpful comment
@illfated thanks as always for your help. I'll create a PR now @technion