Account lockout threshold

Information

Account lockout threshold

This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon attempts. If you set the value to 0, the account will never be locked out.

Failed password attempts against workstations or member servers that have been locked using either CTRL+ALT+DELETE or password-protected screen savers count as failed logon attempts.

Default: 0.

Solution

Policy Path: Account Lockout
Policy Setting Name: Account lockout threshold

See Also

https://blogs.technet.microsoft.com/secguide/2015/11/13/security-baseline-for-windows-10-build-10240-final/

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7a., CSCv6|16.7

Plugin: Windows

Control ID: 65d84761518579f1910d8194c670fdc65801443febba8996123e3fcda45e073c