Protecting your Windows 11 PC against potential unauthorized access is of paramount importance. When a user repeatedly enters incorrect passwords, it raises suspicion that this might be a cyber attacker attempting to gain entry via brute force. Fortunately, Windows 11 offers an in-built mechanism to counteract this threat. Domain controllers on Windows monitor these login attempts and can be set to automatically lock out an account after a predetermined number of unsuccessful tries. The Account Lockout Policy settings define this threshold and subsequent actions to be taken. For instance, the “Account lockout threshold” policy determines how many failed attempts trigger the lockout. By default, the threshold is set to 10 failed tries, but users have the flexibility to adjust this number based on their security preferences. A locked account remains inaccessible until manually reset or when Windows unlocks it after a designated time. It’s worth noting that if the threshold is any number above 0, the “Account lockout duration” needs to be equal to or surpass the “Reset account lockout counter after” value.
How to Change Account Lockout Threshold on Windows 11 using Group Policy?
Do these steps to change the account lockout threshold on Windows 11:-
Step 1. Open Local Group Policy Editor.
Step 2. Browse to the following path in the left sidebar of the Local Group Policy Editor window:-
Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy
Step 3. Double-click on the policy name Account lockout threshold on the right side of the “Account Lockout Policy” folder.
Step 4. Switch to “Local Security Setting” in the “Account lockout threshold Properties” dialog.
Step 5. Set a new number of invalid login attempts before an account is locked.
Step 6. Press the Apply button.
Step 7. Click on the OK button.
How to Change Account Lockout Threshold on Windows 11 through Command Prompt?
Do these steps to change the account lockout threshold on Windows 11 using Command Prompt:-
Step 1. Open an elevated Command Prompt window.
Step 2. Browse the following command and hit the Enter key to view the current settings for the Lockout threshold:-
net accounts
Step 3. Again, type the following and hit the Enter key on the keyboard to set a new lockout threshold:-
net accounts /lockoutthreshold:<number>
Note: Replace the <number> in the above command line with a number between 0 and 999 for how many invalid login attempts you want until locked out after.
After completing the above steps, a new lockout threshold will be set for your user account on a Windows 11 machine.
Conclusion
Adjusting the Account Lockout Threshold on Windows 11 is a proactive measure to strengthen security against potential brute-force attacks. Windows 11 provides two main methods to change this threshold: via the Local Group Policy Editor and the Command Prompt. While the Local Group Policy Editor provides a graphical interface for users, the Command Prompt offers a direct command-line approach. Depending on individual preference and familiarity, users can choose either method to set their desired threshold and enhance the security of their system.
