I am running VMWare 6.5 on a hosted datacenter machine where I do not have direct console access to the server. The web management console MUST be exposed to the whole Internet and there is nothing I can do about it.
In order to keep myself from getting locked out by hackerz sieging the root account, I have no choice but to disable the account lockout protection:
Advanced Settings -> Security.AccountLockFailures = 0
Really what I'd like to do is rename or delete "root" and replace it with another account name (acting effectively as two passwords ... the username and the password to get into it) so that attempts to hack root will always fail.
So far my poking around in the web console indicates this is not possible.
,
About the only solution I have been able to come up with so far is to make another extremely obscurely named account, promote it to have all root privileges, and then set the root account password to something absolutely ridiculous that will never be used, cannot be remembered, is gibberish using every allowable character, and is at least 200-500 characters long.