Overview
This article provides information as to why user accounts can lock out when performing scans in GFI LanGuard and provides a solution steps to resolve the issue.
Diagnosis
Depending on the configuration of the Account Lockout Policy setup in Microsoft Active Directory, the Weak Passwords option set in the scanning profiles can trigger user account lockouts during relevant scanning operations.
Check current Account Lockout Policy settings with your domain administrator. If there is a strict policy in place, like the Account lockout threshold set to 0, proceed with the Solution steps.
Solution
Follow the steps below to disable Weak Passwords vulnerability checks in GFI LanGuard:
- Start the GFI LanGuard console.
- Press CTRL+P to open the Scanning Profile Editor.
- For each Scanning Profile you are using for scanning operations, navigate to Vulnerability Assessment Options > Vulnerabilities.
- Click Advanced.
- Disable the Weak Passwords that are checked.
Note: If you do not want to disable Weak Passwords vulnerability checks adjust the domain Account Lockout Policy settings, especially the Account lockout threshold.
Testing
Perform scanning operations with GFI LanGuard and verify the account lockouts are gone.