What is Account Lockout Policy?
Account lockout policy disables a user account if an incorrect password is entered a specified number of times over a specified period. These policy settings help you to prevent attackers from guessing users’ passwords, and they decrease the possibility of successful attacks on your network. So before you enable account lockout policy, it is important to recognize that there is a risk of accidentally locking authorized users out of their accounts. Such a result can be quite costly for your organization because locked-out users cannot access their user accounts until the account unlocks automatically after a specified amount of time or until you unlock the accounts for them.
How to Configure Account Lockout Policy?
To configure account lockout policy read the rest of this article very carefully and do as instructions. First what you are going to do is open up run window and search gpedit.msc then hit enter. Local Group Policy Editor will open up. Now click on Computer Configuration> Windows Settings> Security Settings> Account Policies> Account Lockout Policy. You will see the following options. In this topic, we will explain all these options.
#1. Account Lockout Duration
This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator explicitly unlocks it. If an account lockout threshold is defined, the account lockout duration must be greater than or equal to the reset time. Most the time, when you configure account lockout threshold those two options can be configured. Otherwise, it’s not possible to configure account lockout duration with lockout counter after. Most the time, when you configure account lockout threshold those two options can be configured. Otherwise, it’s not possible to configure account lockout duration with lockout counter after. By default, this option is set to “None” Because this policy setting only has meaning when an Account lockout threshold is specified.
#2. Account Lockout Threshold
This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed login attempts. If you set the value to 0, the account will never be locked out. Here I set it to 3. The user can enter the password only for three times. If he enters the incorrect password, his user locks for 15 minutes. You can set up the settings according to your own wish.
#3. Reset Account Lockout Counter After
This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes. If an account lockout threshold is defined, this reset time must be less than or equal to the Account lockout duration. It means that when the 15 minutes complete you can enter the password. If you set it less than 15 minutes, you can enter the password less than 15 minutes.
Conclusion
If you have got any kind of question in your mind regarding this article feel free to ask us below this post and we will answer it within 24 hours. This was all about how to configure account lockout policy in Windows server 2016 and its previous versions. Thanks for being with us.