How to Change Reset Account Lockout Counter After Time on Windows 11?

After the policy setting, theReset account lockout counter found the number of minutes that must elapse from when a user fails to sign in before the failed sign-in attempt counter is modified to 0. If the Account lockout threshold is set to a number greater than zero, this reset time must be less than or equal to the value of the Account lockout duration.

In Windows 11, this new policy setting automatically locks out your account if someone tries to access your account with the wrong passwords up to 10 times. Then that account will be locked out for 10 minutes by default; after that, it unlocks automatically. If you can’t wait, you can unlock it manually also.

This article will guide you on changing the reset account lockout counter after time in Windows 11.

How to Change Reset Account Lockout Counter After Time in Local Group Policy Editor?

Do these steps to configure the “reset account lockout counter after” policy using Local Group Policy Editor:-

Step 1Open Local Group Policy Editor.

Step 2. Navigate to the following path in the left sidebar of the Local Group Policy Editor window:-

Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy

Step 3. Double-click on the policy name Reset the account lockout counter after on the right side of the “Account Lockout Policy” folder.

Step 4. Type in a number (in minutes) between 1 and 99999 you want that must elapse from when a user fails to log on before the failed logon attempt counter reset to 0.

Step 5. Hit Apply button.

Step 6. Press OK button.

Step 7. After that, reboot your computer to apply the changes.

How to Change Reset Account Lockout Counter After Time using Command Prompt or Windows PowerShell?

Do these steps to change the “reset account lockout counter after” time using Command Prompt or PowerShell:-

Step 1Open elevated Command Prompt or PowerShell window.

Step 2. Type the following and hit the Enter key to view the current Lockout observation window (minutes) policy:-

net accounts

Step 3. Again, type the following command and hit the Enter key on the keyboard:-

net accounts /lockoutwindow:<number>

Note: Replace <number> in the above command with a number between 1 and 99999 minutes you want that must elapse from when a user fails to log on before the failed logon attempt counter is reset to 0.

If you don’t configure this policy setting or if the value is configured to an interval that is too long, an attacker could attempt to sign in to each user’s account numerous times and lock out their accounts. A denial-of-service (DoS) attack might succeed, or administrators might have to unlock all locked-out accounts manually. Configure this policy setting to a reasonable value. Users can perform new attempts to sign in after a failed sign-in within a good time without making brute force attacks feasible at high speeds. Be sure that you notify users of the values used for this policy setting so that they wait for the lockout timer to expire before they call the Help Desk.

That’s it.

Thank you.

You guys are amazing; Keep reading, learning, and growing.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: