Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Account Lockout Duration for Locked Out User Accounts


Account Lockout Duration for Locked Out User Accounts

How to Set Account Lockout Duration for Locked Out User Accounts
Published by Brink
19 Mar 2010
Published by

How to Set Account Lockout Duration for Locked Out User Accounts

information   Information
The account lockout duration security setting determines the number of minutes a locked out account remains locked out, after reaching the account lockout threshold of invalid logon attempts with a incorrect user name and/or password, before automatically becoming unlocked.

When you first setup an account lockout threshold, the default account lockout duration is set to 30 minutes. This tutorial will show you how to set how many minutes you want for the account lockout duration to be in Windows 7 and Windows 8.

warning   Warning
You will only be able to do this while logged in as an administrator.

EXAMPLE: Locked Out User Account
NOTE: This is the locked out message a user will get if they reach the account lockout threshold number of invalid logon attempts.
-logon_screen.jpg



OPTION ONE
Through Local Security Policy
1. If you have not already, you will need to set a account lockout threshold first for the number of invalid or failed logon attempts that causes a user account to be locked out.

2. Open the Local Security Policy editor.

3. In the left pane, expand Account Policies, and click on Acount Lockout Policy. (see screenshot below)
-duration1.jpg
4. In the right pane, double click on Account lockout duration. (see screenshot above)

5. Type in a number between 0 and 99999 for how many minutes you want the user acount to be locked out for until automatically unlocked, then click on OK. (see screenshot below)
NOTE: The account lockout duration must be greater than or equal to the reset account lockout counter after time.
WARNING: If you set the account lockout duration to 0, then a locked out user account will be locked out until an administrator manually unlocks that locked out user account.
Name:  Duration2.jpg
Views: 58091
Size:  59.4 KB
6. Click on OK. (see screenshot below)
NOTE: You will not see this unless the account lockout duration is not greater than or equal to the reset account lockout counter after time.
Name:  Duration3.jpg
Views: 57828
Size:  71.3 KB
7. When done, close the Local Security Policy editor. (see screenshot below)
-duration4.jpg



OPTION TWO
Through an Elevated Command Prompt
1. If you have not already, you will need to set a account lockout threshold first for the number of invalid or failed logon attempts that causes a user account to be locked out.

2. Open an elevated command prompt in Windows 7 or Windows 8.


3. To See the Current "Account Lockout Duration" Setting
A) In the elevated command prompt, type net accounts and press enter. (see screenshot below)
NOTE: The account lockout duration must be greater than or equal to the reset account lockout counter after time.
Name:  CMD_Duration1.jpg
Views: 58643
Size:  119.3 KB
4. In the command prompt, type the command below and press Enter.
NOTE: Substitute (1-99999) for a number between 1 and 99999 for how many minutes you want the user acount to be locked out for until automatically unlocked.
Code:
net accounts /lockoutduration:(1-99999)
For example, for 45 minutes until a locked out user account is unlocked automatically, I would type in this command below and press enter.

Code:
net accounts /lockoutduration:45
Name:  CMD_Duration2.jpg
Views: 58028
Size:  112.6 KB
5. Close the elevated command prompt.
That's it,
Shawn




3 Weeks Ago   #1
zwork

Win10x64Pro
 
 

I want to be able to set the account lockout duration to 0 using cmd. When doing this in Local Security Policy, it shows that a lockout duration of 0 means an administrator will have to unlock the account. I need to be able to do this same function via cmd or Powershell.

Here is what happens when I try and do it via cmd:


My System SpecsSystem Spec
3 Weeks Ago   #2
Brink
Microsoft MVP

64-bit Windows 10 Pro
 
 

Hello zwork, and welcome to Seven Forums.

It appears that Microsoft has changed this for the command for some reason. I suppose you could enter the maximum value of 99999 as workaround for them to be blocked out for about 70 days.

In addition, see this below for a GPO that may help.

https://technet.microsoft.com/en-us/...(v=ws.11).aspx
My System SpecsSystem Spec
3 Weeks Ago   #3
zwork

Win10x64Pro
 
 

Is there a way to change a GPO setting via CMD or Powershell? A quick google search didn't reveal anything outside of a registry change, but the local security policies aren't "in the clear" in the registry
My System SpecsSystem Spec
.

3 Weeks Ago   #4
Brink
Microsoft MVP

64-bit Windows 10 Pro
 
 

I don't know of a way other than through security policy.
My System SpecsSystem Spec
3 Weeks Ago   #5
zwork

Win10x64Pro
 
 

Ok thanks, I'll keep looking.
Also, is there a
Code:
net accounts
option for password complexity?
My System SpecsSystem Spec
3 Weeks Ago   #6
zwork

Win10x64Pro
 
 

If you know the exact text for the LSP setting, you can use this:
Code:
secedit /export /cfg c:\secpol.cfg
(gc C:\secpol.cfg).replace("PasswordComplexity = 0", "PasswordComplexity = 1") | Out-File C:\secpol.cfg
secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY
rm -force c:\secpol.cfg -confirm:$false
Just replace "PasswordComplexity" with the setting you want to change (and then obviously update the new values)
The left PasswordComplexity is the existing value, and the one on the right is the new, desired value.
My System SpecsSystem Spec
3 Weeks Ago   #7
Brink
Microsoft MVP

64-bit Windows 10 Pro
 
 

Thank you.
My System SpecsSystem Spec
Comment

 Account Lockout Duration for Locked Out User Accounts




Tutorial Tools




Similar help and support threads
Windows 7 Tutorial Category
Account Lockout - Unlock a Locked Out User Account
How to Unlock a Locked Out User Account in Windows 7 and Windows 8 Normally the account lockout duration security setting determines the number of minutes a locked out account remains locked out before automatically becoming unlocked. If the account lockout duration is set to 0 minutes, then a...
Tutorials
Stand-Alone System all User and Admin Accounts are locked out
I am running Windows 7 64bit, 32GB Ram, Dual 10 core processors. All accounts on the box will randomly get locked out. This lockout is occurring "at least on the surface" with no repeated log-on attempts or no repeated bad password entries. Simply press a keyboard or move the mouse to unlock...
General Discussion
Sharing same dropbox account for two different user accounts possible?
Or do you have to redownload everything on the second account as well?
General Discussion
I've locked myself out of my user account
I just created a non-administrator windows profile and hid my only other profile from the Windows 7 logon screen using a registry hack I found online. I assumed that like previous versions of Windows I would be able to still log in to my old account by typing in my user name somehow. Unfortunately...
General Discussion
Renaming a locked User Account folder
Hi, I've recently picked up a new hard drive from a buddy of mine. I've managed to change my computer name and user account name. However, the user folder in "My Computer -> Local Disk C: -> Users" is locked, and I am unable to change the name. It doesn't cause any problems, I just want to find...
General Discussion
Help I changed user accounts now locked out
I was trying to setup password and must have clicked on adminstrator rights and now I'm locked out and the area is greyed out the keys that say yes when i want to setup advanced user accounts setup.. IF I could at least get into restore \i could set the pc back. but it says do you want to make...
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:41.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App