The Account Lockout Policy is a crucial component of local security policies in Windows, governing when and how a user account is locked out due to incorrect login attempts. For those unfamiliar, this guide elucidates the concept of Account Lockout Policy and its functionality.
The Account Lockout Policy comprises three key elements: Account lockout threshold, Account lockout duration, and Reset account lockout counter after. To explore these settings, you can access the Local Security Policy on your Windows system.
The Account lockout threshold setting specifies the number of failed login attempts allowed before an account is locked out. By default, the threshold is 0, meaning the account is never locked out no matter how many login attempts fail. The value can be set anywhere from 0 to 999. For instance, setting it to 3 locks the account after three failed login attempts.
The Account lockout duration setting determines how many minutes an account stays locked out before it is unlocked automatically. This value is undefined until the Account lockout threshold is set to a value greater than 0, at which point it defaults to 30 minutes. The Account lockout duration can be set between 0 and 99,999 minutes. A value of 0 means the account stays locked until an administrator unlocks it manually.
The Reset account lockout counter after setting dictates how many minutes must pass after a failed login attempt before the failed-attempt counter is reset to zero. To illustrate, if "Reset account lockout counter after" is set to 30 minutes and "Account lockout threshold" is set to 3, the account is locked out after three failed attempts within those 30 minutes. However, if the third failed attempt occurs after 31 minutes, the account is not locked out, because the counter was reset at the 30-minute mark and the user again has three attempts.
By default, this setting is undefined and can only be configured after the Account lockout threshold has been set. Once the threshold is configured, it defaults to 30 minutes. "Reset account lockout counter after" can be set between 1 and 99,999 minutes, provided it is less than or equal to the Account lockout duration.
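To make the interaction of the three settings concrete, here is a small simulator of the lockout rules described above. It is an added example written for this page, not Microsoft code and not how Windows itself is implemented; it models time in whole minutes and assumes (as the text does) that the reset window is measured from the most recent failed attempt and that a successful login clears the counter. The class and function names are the example's own.

```python
from dataclasses import dataclass
from typing import Optional

UNTIL_ADMIN_UNLOCKS = -1  # sentinel for "Account lockout duration = 0"


@dataclass
class LockoutPolicy:
    """The three Account Lockout Policy values, all in minutes except threshold."""
    threshold: int      # Account lockout threshold (0-999); 0 = never lock out
    duration: int       # Account lockout duration (0-99,999); 0 = until admin unlocks
    reset_window: int   # Reset account lockout counter after (1-99,999)

    def validate(self) -> None:
        # Ranges and the window <= duration rule as stated in the policy text.
        if not 0 <= self.threshold <= 999:
            raise ValueError("threshold must be between 0 and 999")
        if not 0 <= self.duration <= 99_999:
            raise ValueError("duration must be between 0 and 99,999 minutes")
        if not 1 <= self.reset_window <= 99_999:
            raise ValueError("reset window must be between 1 and 99,999 minutes")
        # Assumption: with duration 0 (indefinite lock) the window rule is not enforced.
        if self.duration != 0 and self.reset_window > self.duration:
            raise ValueError("reset window must be <= lockout duration")


@dataclass
class AccountState:
    bad_count: int = 0
    last_failure: Optional[int] = None   # minute of the most recent failed attempt
    locked_until: Optional[int] = None   # minute the lock expires, or UNTIL_ADMIN_UNLOCKS


class LockoutSimulator:
    """Applies the policy to a sequence of login attempts at given minute marks."""

    def __init__(self, policy: LockoutPolicy) -> None:
        policy.validate()
        self.policy = policy
        self.state = AccountState()

    def is_locked(self, now: int) -> bool:
        until = self.state.locked_until
        if until is None:
            return False
        if until == UNTIL_ADMIN_UNLOCKS:
            return True
        if now >= until:
            # Lockout duration elapsed: automatic unlock, counter starts fresh.
            self.state = AccountState()
            return False
        return True

    def attempt(self, now: int, password_ok: bool) -> str:
        """Returns 'locked', 'success' or 'failed' for one login attempt at minute `now`."""
        st = self.state
        if self.is_locked(now):
            return "locked"
        st = self.state  # may have been replaced by an automatic unlock
        if password_ok:
            # Assumption: a successful login resets the failed-attempt counter.
            st.bad_count = 0
            st.last_failure = None
            return "success"
        # Reset the counter if the reset window has passed since the last failure.
        if st.last_failure is not None and now - st.last_failure >= self.policy.reset_window:
            st.bad_count = 0
        st.bad_count += 1
        st.last_failure = now
        # Threshold 0 disables lockout entirely (the Windows default).
        if self.policy.threshold and st.bad_count >= self.policy.threshold:
            st.locked_until = (UNTIL_ADMIN_UNLOCKS if self.policy.duration == 0
                               else now + self.policy.duration)
            return "locked"
        return "failed"

    def admin_unlock(self) -> None:
        self.state = AccountState()


def page_example() -> list:
    """The scenario from the text: threshold 3, window 30, third failure at minute 31."""
    sim = LockoutSimulator(LockoutPolicy(threshold=3, duration=30, reset_window=30))
    return [sim.attempt(0, False), sim.attempt(1, False), sim.attempt(31, False)]


if __name__ == "__main__":
    print(page_example())  # third failure lands after the window reset, so no lockout
```

Feed the simulator a sequence of attempts with minute marks to see exactly when a given threshold, duration and window combination locks and unlocks an account; the real values on a machine live in Local Security Policy (secpol.msc).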