The Account lockout threshold policy setting is one way you can prevent unauthorized access to your computer system. In this article, you will learn how to Change Account Lockout Threshold for Local Accounts in Windows 10 and Windows 11: The reference account is currently locked.
An attack like a brute-force attack can be prevented when an automated login system is set up to try several combinations of login credentials. Please see How to manage costs with AWS Budgets, and Microsoft Account Password Reset via Web and Windows
But we also have some bad vectors out there who would like to cause a denial of service on a domain that has an account lockout threshold setup hitting the domain with several combinations of login credentials and making logging into the domain impossible for users.
Below is a YouTube video showing how to change the Local Administrator lockout threshold.
When the number of attempts set on the policy is exhausted the account will be locked and it’s only an Administrator that can unlock it or you will wait for the specified number of minutes to expire and you can try to log in again. The amount of value you can set for the sign-in attempts is between 1-999.
If you want to read more on Account read these Local Administrators Account lockout is now available, How to Change User Account Type in Windows 10, How to set an account expiration date in Active Directory, Windows sign-in options, and account protection on Windows 11.
How to Change Account Lockout Threshold for Local Accounts in Windows 10 and Windows 11
Follow the steps below on how to change the account lockout threshold
1. Run this command
secpol.msc to open the Local Security Policy.
2. Navigate to Account Policies > Account Lockout Policy in the left pane of Local Security Policy.
Please see How to disable automatic screen lock in Ubuntu Linux. How to deploy MBAM for Bitlocker Administration, and How to create a Windows Server reference image using WDS. See how to fix “An Attempt Was Made to Reference a Token That Does Not Exist” in Windows 10.
Enter the Value for Invalid Logon Attempts
3. In the right pane of Account Lockout Policy, double-click on the Account Lockout threshold policy and type in a number between 0 and 999.
The number entered will be the number of sign-in attempts allowed before the account will be locked out. Click Ok.
4. Once you click Ok. You can decide to change the Account lockout duration, Reset the account lockout counter after and Allow Administrator account lockout.
5. Now go ahead to try with wrong password three times
6. Once the Sign-in attempts are exhausted.
The system will be locked and you will see the below message.
7. Using the command to change the Account lockout Threshold open the command prompt as Administrator and run this command.
This will display your current Account Policy settings
Enter the below command and input the Number.
I hope you found this blog post on how to Change Account Lockout Threshold for Local Accounts in Windows 10 and Windows 11: The reference account is currently locked interesting and helpful. In case you have any questions do not hesitate to ask in the comment section.