ESXI-67-000005 - The ESXi host must enforce the limit of three consecutive invalid logon attempts by a user.


By limiting the number of failed logon attempts, the risk of unauthorized access via user password guessing, otherwise known as brute forcing, is reduced. Once the configured number of attempts is reached, the account is locked by the ESXi host.


From the vSphere Client, select the ESXi host and go to Configure >> System >> Advanced System Settings.

Click 'Edit', select the 'Security.AccountLockFailures' value, and configure it to '3'.


From a PowerCLI command prompt while connected to the ESXi host, run the following command:

Get-VMHost | Get-AdvancedSetting -Name Security.AccountLockFailures | Set-AdvancedSetting -Value 3

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system VMware.