About failed login rules

Failed login rules can be configured to trigger a notification and/or disable a user account after the specified number of failed login attempts.

A failed login occurs each time someone attempts to log in with an invalid username or an incorrect password. The server keeps track of each failed login attempt for each user. If there is a failed login rule applied to a user, the server triggers the rule when the number of failed login attempts exceeds the maximum specified in the rule.

The server can differentiate between failed login attempts caused by invalid passwords and failed login attempts caused by a disabled account or an account with an expired password. You can specify which of these types of failed login attempts the server should use when deciding to send a notification.

Failed login rules provide a security feature but this functionality can cause the sysadmin to be locked out. This can happen if a rule has an active option to deny access. If this rule is applied to a sysadmin or any groups the sysadmin is in, there is a risk that they will be locked out of the system. To resolve the permanent lockout of an admin there are few strategies that can be used.
  • Maintain a second admin on the system. Use this second admin to unlock first one.
  • In case of lockout you can access the system via RDC and create a new sysadmin using iftpaddu.exe.
  • If you have access to the database you can change table Host_Users:
    • UPDATE Host_Users SET Account_Disabled = 0 WHERE UserID = UID