Windows 11 now has a security measure against brute-force password attacks that automatically locks the account for 10 minutes. So, if someone repeatedly enters the wrong password, the account automatically locks down after a pre-defined number of wrong attempts. It also allows admins of the system to lock out user accounts for a specific duration instead of the pre-defined 10 minutes.
Admins can choose to either specify a time range between 1 to 99,999 minutes after which the account will be automatically unlocked or they can set a manual lock. With the manual lock, the account will stay locked until the admin explicitly unlocks it.
Fortunately, it’s effortless to configure the duration per your requirement using either the Local Security Policy or the Command Prompt.
Change Account Lockout Duration Using Local Security Policy
Local Security Policy is a built-in tool for Microsoft Management Console users. And changing the account lockout duration using the Local Security Policy is a very simple process.
First, head to the Start Menu and type Local Security to perform a search. After that, click on the ‘Local Security Policy’ tile to continue.
Now, double-click on the ‘Account Policies’ folder and then click on the ‘Account Lockout Policy’ folder.
Then, from the right section, double-click on the ‘Account lockout duration’ policy.
After that, enter the numerical value from 1 to 99999 (in minutes) and then click on the ‘Apply’ and ‘OK’ buttons to confirm and close the window. If you set the value to 0, the account will be locked until you explicitly unlock it.
If the field to change the duration is greyed out, make sure you have defined the ‘Account lockout threshold’ policy and the value is greater than zero.
And that’s about it, you have successfully set the account lockout duration on your Windows system.
Change Account Lockout Duration Policy Using Windows Terminal
In case you do not wish to change the account lockout duration using the local security tool, you can also configure it using the Windows Terminal app.
First, head to the Start Menu and type Terminal to perform a search. After that, from the search results, right-click on the ‘Terminal’ tile and click on the ‘Run as administrator’ option.
Now, a UAC window will appear on your screen. If you are not logged in with an admin account, enter the credentials for one. Otherwise, click on the ‘Yes’ button to proceed.
After that, type or copy+paste the below-mentioned command and hit Enter to proceed. This will display the current account lockout threshold.
net accounts
Then type or copy+paste the following command and hit Enter to change the account lockout duration on your system.
net accounts/ lockout duration:<number>
Note: Replace the <number> placeholder with an actual numerical value between 1 and 99999. The entered value will be in minutes and the account will be unlocked automatically once the entered time has elapsed. Entering 0 would put the account on manual lockout.
And that’s it. You have successfully changed the account lockout duration on your system. Typically, Microsoft suggests keeping the duration to approximately 15 minutes to keep out malicious users who might be trying to get into the system using trial-and-error on the system password.
Member discussion