You would have noticed that security feature in smartphones doesn’t let you enter credentials when you repeatedly type it wrong. Have you ever wondered if you can to adopt same security feature for PC? If you had thought about it then let me tell you its possible. In fact, Windows Account Lockout Policy is much better in Windows as it allows you to set lockout threshold and duration. You can use Local Security Policy to Set Account Lockout Threshold in Windows.
How to Set Account Lockout Threshold in Windows ?
- Click on Start → Control Panel.
- Click on the category and change your view to large icons.
- Go to Administrative Templates → Local Security Policy.
- Under security settings expand Account Policies → Account Lockout Policy.
- Set Account Lockout threshold and click on OK.
- Automatically a popup box will open which will show account lockout duration and counter click on OK.
- You can change account lockout duration and counter by going to properties depending on your requirement.
What is Account Lockout Duration, Threshold and reset account lockout counter ?
- Account Lockout Duration: This security policy allows us to set the duration of account lockout. This varies from 0 to 99999. If you think zero minutes looking at 0 then you are wrong because if you set 0 the account will not get unlock unless administrator unlocks it.
- Account Lockout Threshold: Threshold is the number of invalid attempts after which the account will lock out. You can set the threshold between 0 to 999. By default threshold will be set to zero invalid attempts which mean no matter how many invalid attempts you make account will not be locked.
- Reset account lockout counter after: This policy determines the time for counting invalid login attempts and this time can be equal to or less than account lockout duration.
For example: If we set 5 invalid attempts and reset account counter after to 10 mins, then the account will lock out if a user tries 5 wrong password attempts in 10 mins but the account will not lock out if a user makes 5th attempt after 10 mins.
1. Is it possible to unlock account before Account Lockout Duration ?
Yes. it is possible, we can contact the administrator to unlock an account within the time specified in lockout duration.
2. How administrator can Unlock Account ?
Administrator will login in his account and he will right click on computer and go to manage. Then he will visit Local Users and Groups → Users. After going in users he will right click and go into the properties of locked user. He can also double click to go into properties. In user properties, he can unmark an option called “Account is Locked Out” and click on ok.
3. How can we Disable Account Lockout Policy in Windows ?
We can disable account lockout policy by entering 0 in account lockout threshold.
4. Is there any other way to Set Account Lockout Policy ?
Yes, we can press windows key + r to open run. Once run gets open we can type gpedit.msc and press enter or click on OK. Then we can go to Computer Configuration → Windows Settings → Security Settings → Account Policies → Account Lockout Policy and set account lockout threshold.