Account Lockout Duration for Locked Out User Accounts How to Set Account Lockout Duration for Locked Out User Accounts  Information The account lockout duration security setting determines the number of minutes a locked out account remains locked out, after reaching the account lockout threshold of invalid logon attempts with a incorrect user name and/or password, before automatically becoming unlocked.
When you first setup an account lockout threshold, the default account lockout duration is set to 30 minutes. This will show you how to set how many minutes you want for the account lockout duration.  Warning You will only be able to do this while logged in as an administrator. EXAMPLE: Locked Out User Account NOTE: This is the locked out message a user will get if they reach the account lockout threshold number of invalid logon attempts.  OPTION ONE Through Local Security Policy 1. If you have not already, you will need to set a account lockout threshold first for the number of invalid or failed logon attempts that causes a user account to be locked out. 2. Open the Local Security Policy editor. 3. In the left pane, expand Account Policies, and click on Acount Lockout Policy. (see screenshot below) 4. In the right pane, double click on Account lockout duration. (see screenshot above) 5. Type in a number between 0 and 99999 for how many minutes you want the user acount to be locked out for until automatically unlocked, then click on OK. (see screenshot below) NOTE: The account lockout duration must be greater than or equal to the reset account lockout counter after time. WARNING: If you set the account lockout duration to 0, then a locked out user account will be locked out until an administrator manually unlocks that locked out user account. 6. Click on OK. (see screenshot below) NOTE: You will not see this unless the account lockout duration is not greater than or equal to the reset account lockout counter after time. 7. When done, close the Local Security Policy editor. (see screenshot below)
OPTION TWO Through Elevated Command Prompt 1. If you have not already, you will need to set a account lockout threshold first for the number of invalid or failed logon attempts that causes a user account to be locked out. 2. Open a elevated command prompt. 3. To See the Current "Account Lockout Duration" SettingA) In the elevated command prompt, type net accounts and press enter. (see screenshot below) NOTE: The account lockout duration must be greater than or equal to the reset account lockout counter after time.
4. In the command prompt, type the command below and press Enter. NOTE: Substitute (0-99999) for a number between 0 and 99999 for how many minutes you want the user acount to be locked out for until automatically unlocked. If you set the account lockout duration to 0, then a locked out user account will be locked out until an administrator manually unlocks that locked out user account. Code: net accounts /lockoutduration:(0-99999) For example, for 45 minutes until a locked out user account is unlocked automatically, I would type in this command below and press enter. Code: net accounts /lockoutduration:45  5. Close the elevated command prompt. That's it,
Shawn |  Published by | | Administrator Join Date: Oct 2008 Location: Texas Posts: 37,303 | |
 Tutorial Tools | | | | | |