What is an Account lockout Threshold

This is a policy setting determines the number of failed sign-in attempts that will cause a user account to be locked. A locked account cannot be used until it is reset by an administrator or until the number of minutes specified by the Account lockout duration policy setting expires. You can set a value from 1 through 999 failed sign-in attempts, or you can specify that the account will never be locked by setting the value to 0. If Account lockout threshold is set to a number greater than zero, Account lockout duration must be greater than or equal to the value of Reset account lockout counter after.

Failed password attempts on workstations or member servers that have been locked by using CTRL+ALT+DELETE or password-protected screen savers do not count as failed sign-in attempts unless Interactive logon: Require Domain Controller authentication to unlock workstation is set to Enabled. If Interactive logon: Require Domain Controller authentication to unlock workstation is enabled, repeated failed password attempts to unlock the workstation will count against the account lockout threshold.

Brute force password attacks can be automated to try thousands or even millions of password combinations for any or all user accounts. Limiting the number of failed sign-ins that can be performed nearly eliminates the effectiveness of such attacks.

However, it is important to note that a denial-of-service (DoS) attack could be performed on a domain that has an account lockout threshold configured. A malicious user could programmatically attempt a series of password attacks against all users in the organization. If the number of attempts is greater than the value of Account lockout threshold, the attacker could potentially lock every account.

This policy setting is supported on versions of Windows that are designated in the Applies To list at the beginning of this topic.

Subscribe to our mailing list

* indicates required


  • GPO_name\Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy


To find out more on account lock out duration and reset account lockouts after click the below links


Leave a Reply