How to Change Account Lockout Threshold for Local Accounts in Windows 10
Information
The Account lockout threshold policy setting determines the number of failed sign-in attempts that will cause a local account to be locked. A locked account cannot be used until an administrator unlocks it or until the number of minutes specified by the Account lockout duration policy setting expires. You can set a value from 1 through 999 failed sign-in attempts, or you can specify that the account will never be locked by setting the value to 0. If Account lockout threshold is set to a number greater than zero, Account lockout duration must be greater than or equal to the value of Reset account lockout counter after.
Brute force password attacks can be automated to try thousands or even millions of password combinations for any or all user accounts. Limiting the number of failed sign-ins that can be performed nearly eliminates the effectiveness of such attacks. However, it is important to note that a denial-of-service (DoS) attack could be performed on a domain that has an account lockout threshold configured. A malicious user could programmatically attempt a series of password attacks against all users in the organization. If the number of attempts is greater than the value of Account lockout threshold, the attacker could potentially lock every account.
This tutorial will show you how to change the Account lockout threshold to lock out a local account after a specified number of invalid sign-in attempts to Windows 10.
You must be signed in as an administrator to change the Account lockout threshold.
CONTENTS:
- Option One: To Change Account Lockout Threshold for Local Accounts using Local Security Policy
- Option Two: To Change Account Lockout Threshold for Local Accounts using Command Prompt
EXAMPLE: "The referenced account is currently locked out and may not be logged on to" error
Note
Local Security Policy is only available in the Windows 10 Pro, Enterprise, and Education editions.
All editions can use Option Two below.
1. Press the Win+R keys to open Run, type secpol.msc into Run, and click/tap on OK to open Local Security Policy.
2. Navigate to Account Policies and Account Lockout Policy in the left pane of Local Security Policy. (see screenshot below)
3. In the right pane of Account Lockout Policy, double click/tap on the Account lockout threshold policy. (see screenshot above)
4. Type in a number between 0 and 999 for how many invalid sign-in attempts you want before the account will be locked out after, and click/tap on OK. (see screenshots below)
The default setting is 0 invalid sign-in attempts for local accounts to never be locked out.
5. If the Account lockout threshold was originally set to 0 or you just set to 0 invalid sign-in attempts, then click/tap on OK. (see screenshots below)
6. When finished, you can close the Local Security Policy window if you like.
7. If you like, you can change the Account lockout duration and Reset account lockout counter after policies to what you want instead of the default 30 minutes.
1. Open an elevated command prompt.
2. Enter the command below into the elevated command prompt, press Enter, and make note of the current Lockout threshold. (see screenshot below)
net accounts
3. Enter the command below into the elevated command prompt, and press Enter. (see screenshot below)
net accounts /lockoutthreshold:Number
Substitute Number in the command above with a number between 0 (none) and 999 for how many invalid sign-in attempts you want before the account will be locked out after.
The default setting is 0 invalid sign-in attempts for local accounts to never be locked out.
4. When finished, you can close the elevated command prompt if you like.
5. If you like, you can change the Account lockout duration and Reset account lockout counter after policies to what you want instead of the default 30 minutes.
That's it,
Shawn Brink
Related Tutorials
- How to Sign in to Windows 10
- How to Change Account Lockout Duration for Local Accounts in Windows 10
- How to Change Reset Account Lockout Counter for Local Accounts in Windows 10
- How to Unlock a Local Account in Windows 10
- How to Enable or Disable Password Expiration for Local Accounts in Windows 10
- How to Add Password to Local Account in Windows 10
- How to Allow or Prevent User to Change Password in Windows 10
- How to Change Password of Local Account or Microsoft Account in Windows 10
- How to Change Maximum and Minimum Password Age for Local Accounts in Windows 10
- How to Change Minimum Password Length for Local Accounts in Windows 10
- How to Enforce Password History for Local Accounts in Windows 10
- How to Force Local Account to Change Password at Next Sign-in in Windows 10
- How to Reset Password of Local Account or Microsoft Account in Windows 10
- How to Remove Password of Local Account in Windows 10
Change Account Lockout Threshold for Local Accounts in Windows 10
Change Account Lockout Threshold for Local Accounts in Windows 10
How to Change Account Lockout Threshold for Local Accounts in Windows 10Published by Shawn BrinkCategory: User Accounts
22 Jul 2022
Tutorial Categories
Related Discussions
