Account lockout threshold#

Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy


Determines the number of failed logon attempts that will cause a user account to be locked out by Intruder Detection. A locked out account cannot be used until it is reset by an administrator or the account lockout duration has expired. You can set values between 1 and 999 failed logon attempts, or you can specify that the account will never be locked out by setting the value to 0.

By default, this setting is disabled in the Default Domain Group Policy object (GPO) and in the local security policy of workstations and servers.


Failed password attempts against workstations or member servers that have been locked using either CTRL+ALT+DELETE or password-protected screen savers do not count as failed logon attempts.

Active Directory Account Lockout#

Describes details on Active Directory Account Lockout.

More Information#

There might be more information for this subject on one of the following: