Local Security Policy > Security Settings > Account Policies > Account Lockout Policy

Account lockout duration

Helpful in environments where users constantly lock themselves out by entering bad passwords, this setting allows for the lock-out to be released after a defined number of minutes. Valid range is between 0 and 99,999 (if you set it to 0 the account remains locked until they call you and you unlock it for them). There is no default value set for clients as this only has meaning if the account lockout threshold is specified (and this setting is not on by default).

Note: If an account lockout threshold is defined, the account lockout duration must be greater than or equal to the reset time.

Account lockout threshold

This setting is used to specify the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. Valid range is between 0 and 999 (if you set it to 0, the account will never be locked out). The default is 0.

Failed password attempts made while trying to unlock a system (locked either by using CTRL+ALT+DELETE or a password-protected screen saver) counts as a failed logon attempt.

Reset account lockout counter after

This setting specifies the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. Valid range is between 1 minute and 99,999 minutes. There is no default because this setting only has meaning when account lockout threshold is specified (and that policy is not set by default).

Note: If an account lockout threshold is defined, this reset time must be less than or equal to the Account lockout duration.