Tips, Windows 11

How to Change Account Lockout Policy in Windows 11

lockout policy in windows 11
21 Feb

Windows 11 has built-in security features to protect accounts from unauthorized access. One of these features is the account lockout policy, which locks an account after multiple failed login attempts. This policy prevents brute-force attacks but can sometimes lock users out unnecessarily.

For system administrators and users who want more control over these settings, adjusting the lockout policy can be helpful. This guide will walk you through different methods to modify the account lockout policy to suit your needs.

Key Points:

  • Account lockout settings help prevent unauthorized access.
  • Users can adjust lockout thresholds and durations using built-in Windows tools.
  • Windows 11 provides multiple methods to modify these settings.

lockout policy in windows 11

1.What Is an Account Lockout Policy?

An account lockout policy is a security setting that locks a user account after a set number of failed login attempts. This feature is crucial in preventing cyberattacks but can be frustrating if a user forgets their password.

Windows 11 allows users to customize three main lockout settings:

  • Account Lockout Threshold – Number of failed attempts before locking an account.
  • Account Lockout Duration – Time an account remains locked before unlocking.
  • Reset Account Lockout Counter – Time before failed attempts are reset.

These settings ensure that only authorized users gain access to their accounts while reducing security risks.

2.How to Change Account Lockout Policy Using Local Group Policy Editor?

The Local Group Policy Editor is the easiest way to modify the account lockout policy in Windows 11. This tool is available in Windows 11 Pro, Enterprise, and Education editions.

Steps to Change Account Lockout Policy Using Group Policy Editor:

  1. Press Win + R, type gpedit.msc, and press Enter.
  2. In the Local Group Policy Editor, go to:
    • Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy
  3. Double-click Account lockout threshold and set the desired number of failed attempts.
  4. Adjust Account lockout duration and Reset account lockout counter based on your preference.
  5. Click Apply and OK to save changes.
  6. Restart your computer for the settings to take effect.

Note: Local Group Policy Editor is not available in Windows 11 Home. Use the Registry Editor method instead.

3. How to Modify Account Lockout Policy Using Local Security Policy?

Another way to modify the account lockout policy is through the Local Security Policy tool. This method is recommended for users who prefer a graphical interface.

Steps to Modify Account Lockout Policy Using Local Security Policy:

  1. Open the Run dialog box by pressing Win + R, type secpol.msc, and press Enter.
  2. Navigate to:
    • Security Settings > Account Policies > Account Lockout Policy
  3. Double-click Account lockout threshold, enter a preferred value, and click OK.
  4. Modify Account lockout duration and Reset account lockout counter to fit your security needs.
  5. Apply changes and restart your computer.

Note: This method is only available in Windows 11 Pro, Enterprise, and Education.

4. How to Change Account Lockout Policy Using Command Prompt?

Users comfortable with command-line tools can modify the account lockout policy using the Command Prompt (CMD).

Steps to Change Account Lockout Policy Using CMD:

  1. Open Command Prompt as Administrator by searching “cmd,” right-clicking, and selecting Run as administrator.
  2. Run the following commands based on what you want to change:

Set account lockout threshold:
 net accounts /lockoutthreshold:<number>

Set lockout duration (in minutes):
 net accounts /lockoutduration:<number>

Set lockout counter reset time (in minutes):
 net accounts /lockoutwindow:<number>

  1. Close the Command Prompt and restart your computer for changes to take effect.

5. How to Change Account Lockout Policy Using Windows Registry?

If you are using Windows 11 Home, the Registry Editor is an alternative way to modify the account lockout policy.

Steps to Change Account Lockout Policy Using Registry Editor:

  1. Press Win + R, type regedit, and press Enter.

Navigate to:
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

  2. Look for the following keys and modify their values:
    • MaxFailedAttempts (sets the lockout threshold)
    • LockoutDuration (sets the lockout time)
  3. Restart your computer to apply changes.

lockout policy in windows 11

6. Default Account Lockout Settings in Windows 11 (Comparison Table)

Setting Default Value Recommended Value
Account Lockout Threshold 10 attempts 5-10 attempts
Account Lockout Duration 10 minutes 15-30 minutes
Reset Lockout Counter 10 minutes 15-30 minutes

7. How to Unlock a Locked Account in Windows 11? 

A locked-out account can be unlocked in two ways:

  1. Wait for the lockout duration to end.
  2. Manually unlock it using another administrator account:
    • Open Command Prompt as Administrator.

Run the command:
 net user <username> /active:yes

  • Press Enter and restart the computer.

8. Common Problems When Changing Account Lockout Policy 

Problem: Settings Not Changing After Modification

  • Restart the computer to apply changes.
  • Ensure changes are made with administrator privileges.

Problem: Locked Out of Administrator Account

  • Boot into Safe Mode and enable the built-in Administrator account.
  • Use a password reset disk if available.

9. Security Risks of Disabling Account Lockout Policy 

Disabling the account lockout policy increases security risks:

  • Attackers can perform brute-force attacks without restrictions.
  • Personal and professional data becomes vulnerable.

For better security, adjust the settings instead of disabling them completely.

10. How to Reset Account Lockout Policy to Default? 

To restore default settings:

Open Command Prompt as Administrator and run:
 net accounts /lockoutthreshold:10 /lockoutduration:10 /lockoutwindow:10

  • Restart your computer.

Conclusion

Modifying the account lockout policy in Windows 11 improves security while reducing inconvenience. Whether you use Group Policy, Security Policy, Command Prompt, or Registry Editor, the process is straightforward. Customizing the settings according to your needs ensures both security and usability.

FAQs

  1. What is the default account lockout threshold in Windows 11?
     The default is 10 failed attempts before the account locks.
  2. Can I disable the account lockout policy in Windows 11?
     Yes, but it is not recommended due to security risks.
  3. How long does a locked account remain locked?
     By default, it stays locked for 10 minutes.
  4. How do I unlock a locked administrator account?
     Use Safe Mode or another administrator account.
  5. Is the Local Group Policy Editor available in Windows 11 Home?
     No, use Registry Editor instead.

Meta Description:
 Learn how to change account lockout policy in Windows 11 with simple steps. Adjust lockout settings to prevent unwanted account lockouts easily.

Back to list
Older Make SolidWorks 2016 Work on Windows 11 with Simple Adjustments

Leave a Reply

Your email address will not be published. Required fields are marked *