16.9 C
London
Saturday, October 1, 2022

How to Change Account Lockout Duration in Windows 11

There are two ways to quickly change the account lockout duration in Windows 11

With Windows 11, brute-force password attacks are automatically locked for 10 minutes as a security measure. So, if someone repeatedly enters the wrong password, the account automatically locks down after a pre-defined number of wrong attempts. It also allows admins of the system to lock out user accounts for a specific duration instead of the pre-defined 10 minutes.

Admins can choose to either specify a time range between 1 to 99,999 minutes after which the account will be automatically unlocked or they can set a manual lock. With the manual lock, the account will stay locked until the admin explicitly unlocks it.

Fortunately, it’s effortless to configure the duration per your requirement using either the Local Security Policy or the Command Prompt.

Change Account Lockout Duration Using Local Security Policy

Local Security Policy is a built-in tool for Microsoft Management Console users. And changing the account lockout duration using the Local Security Policy is a very simple process.

To start, go to the Start Menu and type Local Security. After that, click on the ‘Local Security Policy’ tile to continue.

Now, double-click on the ‘Account Policies’ folder and then click on the ‘Account Lockout Policy’ folder.

Then, from the right section, double-click on the ‘Account lockout duration’ policy.

After that, enter the numerical value from 1 to 99999 (in minutes) and then click on the ‘Apply’ and ‘OK’ buttons to confirm and close the window. If you set the value to 0, the account will be locked until you explicitly unlock it.

If the field to change the duration is greyed out, make sure you have defined the ‘Account lockout threshold’ policy and the value is greater than zero.

And that’s about it, you have successfully set the account lockout duration on your Windows system.

Change Account Lockout Duration Policy Using Windows Terminal

The Windows Terminal app can also be used to configure account lockout duration if you do not wish to use the local security tool.

Go to the Start Menu and type Terminal into the search box. After that, from the search results, right-click on the ‘Terminal’ tile and click on the ‘Run as administrator’ option.

The UAC window will now appear on your screen. Log in with your admin credentials if you are not already logged in. Otherwise, click on the ‘Yes’ button to proceed.

Then, type or copy+paste the below-mentioned command and press Enter. This will display the current account lockout threshold.

net accounts

Then type or copy+paste the following command and hit Enter to change the account lockout duration on your system.

net accounts/ lockout duration:<number>

Note: Replace the <number> placeholder with an actual numerical value between 1 and 99999. The entered value will be in minutes and the account will be unlocked automatically once the entered time has elapsed. Entering 0 would put the account on manual lockout.

And that’s it. You have successfully changed the account lockout duration on your system. Typically, Microsoft suggests keeping the duration to approximately 15 minutes to keep out malicious users who might be trying to get into the system using trial-and-error on the system password.

Latest news
Related news