In today’s digital age, security measures are evolving to protect our data more effectively. Windows 11 has stepped up its game by introducing the ‘Reset account lockout counter’ policy. This feature records the number of failed sign-in attempts and sets a timer, after which the counter is reset to zero. In essence, if someone tries to access your account with incorrect passwords consecutively, up to a limit of 10 times, Windows 11 will lock your account for a default duration of 10 minutes. It’s crucial to understand that if the Account lockout threshold is set to any value above zero, then the reset time for the account lockout counter must be either equal to or less than the duration set for Account lockout. While the system will auto-unlock post this period, if you’re in a hurry, manual intervention is also possible. Navigate through this article to learn how you can change the reset account lockout counter after time in Windows 11.
How to Change Reset Account Lockout Counter After Time in Local Group Policy Editor?
Do these steps to configure the “reset account lockout counter after” policy using Local Group Policy Editor:-
Step 1. Open Local Group Policy Editor.
Step 2. Navigate to the following path in the left sidebar of the Local Group Policy Editor window:-
Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy
Step 3. Double-click on the policy name Reset the account lockout counter after on the right side of the “Account Lockout Policy” folder.
Step 4. Type in a number (in minutes) between 1 and 99999 you want that must elapse from when a user fails to log on before the failed logon attempt counter reset to 0.
Step 5. Hit the Apply button.
Step 6. Press the OK button.
Step 7. After that, reboot your computer to apply the changes.
How to Change Reset Account Lockout Counter After Time using Command Prompt or Windows PowerShell?
Do these steps to change the “reset account lockout counter after” time using Command Prompt or PowerShell:-
Step 2. Type the following and hit the Enter key to view the current Lockout observation window (minutes) policy:-
Step 3. Again, type the following command and hit the Enter key on the keyboard:-
net accounts /lockoutwindow:<number>
Note: Replace <number> in the above command with a number between 1 and 99999 minutes you want that must elapse from when a user fails to log on before the failed logon attempt counter is reset to 0.
If this policy setting isn’t configured or is set to an excessively long interval, an attacker could make multiple sign-in attempts on each user’s account, potentially locking them out. This could lead to a successful denial-of-service (DoS) attack or necessitate manual unlocking of all locked-out accounts by administrators. It’s crucial to set this policy to a reasonable duration, allowing users to retry sign-ins after a failed attempt within a suitable timeframe without enabling high-speed brute force attacks. Ensure that you inform users about the values established for this policy so they can wait for the lockout timer to elapse before contacting the Help Desk.
Windows 11 has incorporated advanced security features to safeguard user data, among which is the ‘Reset account lockout counter’ policy. This policy, when appropriately set, can prevent unauthorized access while not overly inconveniencing genuine users. However, administrators need to configure it with caution, ensuring that the duration is neither too long nor too short. A carefully chosen duration will prevent malicious brute-force attempts while letting users have another go after a short wait. By following the outlined steps, users and administrators can easily configure this security measure, enhancing the protection of their Windows 11 systems.