Limiting the Number of Login Attempts

As a security measure, you may want to limit the number of login attempts that can be made on your system. This is so that someone trying to break into your system by continually trying random passwords will end up locking the account for a certain period of time.

Assuming you have administrative privileges, you can establish the parameters for the lockout. To do this, go to Search | Administrative Tools | Local Security Policy (in Windows 7) or click Start and type (without quotes) "local security" and press Enter (in Windows 10). (See Figure 1.)

Figure 1. Local Security Policy main screen.

On the left of the dialog box, expand the "Account Policies" node and then click on "Account Lockout Policy." (See Figure 2.)

Figure 2. Accessing the Account Lockout Policy parameters.

In the right pane, you'll see that there are three lockout-related parameters that you can adjust. (You adjust them by double-clicking the Policy name and specifying the desired value.) The Account Lockout Duration setting denotes how long the account will stay locked once it becomes locked. You can specify a number anywhere between 0 and 99999 minutes. If set to 0, the account will remain locked until explicitly unlocked.

The Account Lockout Threshold setting denotes how many consecutive failed login attempts can occur before the account is locked. You can specify a number anywhere between 0 and 999. If set to 0, the account will never be locked out.

The Reset Account Lockout Counter After setting denotes the amount of time it will take before a locked-out account is automatically unlocked. You can specify a number between 1 and 99999 minutes. If an Account Lockout Threshold is defined, this reset time must be less than or equal to the Account Lockout Duration setting.

After you've made whatever changes you want to the lockout parameters, OK your way out. The settings go into effect immediately.

 This tip (13087) applies to Windows 7 and 10.