Windows > Server Security & Hardening

Windows Lockout Policy


Hi Guys,

Windows Server 2003 and later server versions includes an account lockout feature that will disable an account after a number of logon failures specified by an administrator. For maximum security, enable lockout after 3 to 5 failed attempts, reset the count after not less than 30 minutes, and set the lockout duration to Forever (until admin unlocks).

This is a part of Windows Server policy and is set in the Domain Security Policy tool, which you can find under Administrative Tools on a domain controller. Select Security Settings, then select Account Policies and click Account Lockout Policy. To set lockout duration to Forever, enter a "0." Because this is domain-wide policy, you only have to perform this action once.


[0] Message Index

Go to full version