
How to Lock Account in Windows after Failed Sign-in Attempt

In this guide, we will show you the steps to lock the user account in Windows after a specified number of failed sign-in attempts. There is a slew of safety measures that you could take to enhance the overall security of your system. And the need to do so intensifies even further if you are the administrator but share your PC with others. So if there is more than one user account, then it is recommended to impose some strict privacy measures. One among them is to give the user a limited number of log-in attempts before locking their account.

This is similar to how your bank will block your credit/debit card if anyone enters the incorrect PIN three times. You could apply a similar rule to the user account, wherein the user is given a specified number of chances to log in before their account is blocked. The number of incorrect attempts [also known as Account Lockout Threshold] can only be set by the administrator and ranges from 1 to 999. For example, if you set it to 2, then the user has two chances to enter their PIN; upon the third attempt their account will be blocked.

By default, this value is set to 0, so a user has an unlimited number of attempts to log in to their account. The next important question is how to unlock that account when the need arises. It can either be unlocked by the administrator right away, or the user will have to wait for a specific number of minutes set by the administrator [also known as Account Lockout Duration] before he/she can re-enter the PIN. With this, you should have a decent idea of how this policy works. Let’s now put it to the test right away.

Lock Account in Windows after Failed Sign-in Attempt

We will be dealing with three policies to carry out this task: Account Lockout Threshold, Account Lockout Duration, and Reset Account Lockout Counter After. Let’s understand each of them.

  • Account Lockout Threshold: The number of incorrect attempts allowed before the account gets locked. It takes a value from 1 to 999. Its default value is 0, which implies an unlimited number of failed log-in attempts.
  • Account Lockout Duration: The time, in minutes, for which the account remains locked out. It accepts values from 1 to 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator explicitly unlocks it.
  • Reset Account Lockout Counter After: The number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0. It also accepts values from 1 to 99,999 minutes. While it may sound obvious, it is still worth stating that this time must be less than or equal to the Account Lockout Duration.

Now that you are aware of the three policies, let’s get started with the steps to lock the user account in Windows after a specified number of failed sign-in attempts.

  1. To begin with, enable Group Policy Editor on your Windows 11 PC.
  2. Then open Run via Windows+R and execute the below command.
    gpedit.msc
  3. This will launch Group Policy Editor. Now go to the following location:
    Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy

  4. You will now see three policies. Open Account Lockout Threshold.
  5. Assign the desired number of failed log-in attempts and hit OK.
  6. You will now get a Suggested Value Changes pop-up; click OK.
  7. Now open the Account Lockout Duration policy and assign it the desired duration [in minutes] for which the account should remain locked.
  8. Finally, open the Reset Account Lockout Counter After policy and assign it the time [in minutes] after which the failed login attempts counter should reset.
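
The same three settings can also be applied and read back from an elevated PowerShell session, which makes the result easy to verify. This is an added example, not part of the original guide; it assumes a standalone (non-domain) PC, and the values 5/30/30 and the temporary file name are constructed samples.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell session.
# Constructed sample values; pick your own.
$Threshold = 5    # Account Lockout Threshold: failed attempts before lockout
$Duration  = 30   # Account Lockout Duration, in minutes
$Window    = 30   # Reset Account Lockout Counter After, in minutes

# Enforce the ranges and the ordering rule described in the guide.
if ($Threshold -lt 1 -or $Threshold -gt 999) { throw "Threshold must be 1-999." }
foreach ($m in $Duration, $Window) {
    if ($m -lt 1 -or $m -gt 99999) { throw "Minutes must be 1-99999 (got $m)." }
}
if ($Window -gt $Duration) {
    throw "Reset window ($Window) must be <= lockout duration ($Duration)."
}

# Set all three values in one call so the ordering rule holds at every point.
net accounts "/lockoutthreshold:$Threshold" "/lockoutduration:$Duration" "/lockoutwindow:$Window"
if ($LASTEXITCODE -ne 0) { throw "net accounts failed; is the session elevated?" }

# Export the local security policy and read the three values back.
$cfg = Join-Path $env:TEMP 'lockout-check.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
$actual = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^\s*(LockoutBadCount|LockoutDuration|ResetLockoutCount)\s*=\s*(-?\d+)') {
        $actual[$Matches[1]] = [int]$Matches[2]
    }
}
Remove-Item $cfg -ErrorAction SilentlyContinue

# Compare what the system reports with what was requested.
$expected = [ordered]@{
    LockoutBadCount   = $Threshold
    LockoutDuration   = $Duration
    ResetLockoutCount = $Window
}
foreach ($key in $expected.Keys) {
    $status = if ($actual[$key] -eq $expected[$key]) { 'OK' } else { 'MISMATCH' }
    '{0,-18} expected={1,-6} actual={2,-6} {3}' -f $key, $expected[$key], $actual[$key], $status
}
```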

That’s it. These were the steps to lock the user account in Windows after a specified number of failed sign-in attempts. If you have any queries concerning the aforementioned steps, do let us know in the comments. We will get back to you with a solution at the earliest.

