I posted the following on the answers site but was recommended to post here.
A client has asked me to enable an account lockout threshold on their domain.
I have made the appropriate changes in Group Policy and also configured an email notification under Task Scheduler that is triggered by Event ID 4740 appearing in the security log. http://community.spiceworks.com/scripts/show/1588-send-email-on-account-lock-out
It was when testing this that I noted that, after the nth incorrect password, I received an on-screen alert: "The referenced account is currently locked out and cannot be logged on to."
I tested again with an invalid username and did not get the same message. This is potentially a problem because it means that an attacker sees a difference between a valid username and an invalid username without being required to know any correct passwords.
Is there any way that I can disable this on-screen alert so that attackers are not presented with a means to validate usernames?
I am already aware that account lockouts are no longer in favour for other reasons and have informed the client about the possibility of a denial of service attack that deliberately triggers these lockouts and taken certain steps to mitigate the effects.
However, given that an informed decision has been made to stick with the account lockout policy I would like to be able to mitigate this other undesired consequence if at all possible.
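As an added illustration of the notification half of the setup described above (this is example code, not the poster's configuration and not the linked Spiceworks script), the following PowerShell script is what an event-triggered scheduled task could run: it reads recent Event ID 4740 entries from the Security log, pulls out the locked account and the caller computer name by field name, and mails a summary. The SMTP relay and the mail addresses are placeholders to replace; the lookback window is an assumption.

```powershell
# Added example: script for a scheduled task triggered by Security Event ID 4740.
# Assumptions: run on a domain controller (the PDC emulator records every lockout
# in the domain, so it is the DC to watch); the SMTP relay and addresses below
# are placeholders, not real infrastructure.

param(
    [int]$LookbackMinutes = 5,                             # assumed window
    [string]$SmtpServer = 'smtp.example.internal',         # placeholder relay
    [string]$From       = 'lockout-alerts@example.internal',
    [string]$To         = 'helpdesk@example.internal'
)

function Get-LockoutDetails {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    # Parse the event XML by field name rather than by positional index so the
    # mapping does not depend on the order of $Event.Properties.
    $xml  = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        Time           = $Event.TimeCreated
        LockedAccount  = $data['TargetUserName']
        # In 4740 the TargetDomainName field carries the "Caller Computer Name":
        # the machine the bad passwords came from. That is the field you want
        # when chasing a deliberate lockout (denial-of-service) campaign.
        CallerComputer = $data['TargetDomainName']
        ReportingDC    = $Event.MachineName
    }
}

# Pull 4740 (user account locked out) entries logged since the lookback window.
$since  = (Get-Date).AddMinutes(-$LookbackMinutes)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $since } `
    -ErrorAction SilentlyContinue

if (-not $events) { return }   # nothing to report; the task exits quietly

$details  = $events | ForEach-Object { Get-LockoutDetails -Event $_ }
$accounts = ($details.LockedAccount | Sort-Object -Unique) -join ', '
$body     = $details | Format-Table -AutoSize | Out-String

Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
    -Subject "Account lockout(s): $accounts" -Body $body
```

Point the scheduled task's action at `powershell.exe -ExecutionPolicy Bypass -File <path>` with the event trigger on Security/4740, and run it under an account that can read the Security log. `Send-MailMessage` sends unauthenticated and unencrypted by default; add `-UseSsl` and `-Credential` if the relay requires them. Including the caller computer name in the mail gives the helpdesk the source of the bad passwords immediately, which is the first thing you need when deciding whether a burst of lockouts is a user with a stale saved password or someone deliberately triggering the policy.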