After the policy setting, theReset account lockout counter found the number of minutes that must elapse from when a user fails to sign in before the failed sign-in attempt counter is modified to 0. If the Account lockout threshold is set to a number greater than zero, this reset time must be less than or equal to the value of the Account lockout duration.
In Windows 11, this new policy setting automatically locks out your account if someone tries to access your account with the wrong passwords up to 10 times. Then that account will be locked out for 10 minutes by default; after that, it unlocks automatically. If you can’t wait, you can unlock it manually also.
This article will guide you on changing the reset account lockout counter after time in Windows 11.
How to Change Reset Account Lockout Counter After Time in Local Group Policy Editor?
Do these steps to configure the “reset account lockout counter after” policy using Local Group Policy Editor:-
Step 1. Open Local Group Policy Editor.
Step 2. Navigate to the following path in the left sidebar of the Local Group Policy Editor window:-
Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy
Step 3. Double-click on the policy name
Step 4. Type in a number (in minutes) between 1 and 99999 you want that must elapse from when a user fails to log on before the failed logon attempt counter reset to 0.
Step 5. Hit
Step 6. Press
Step 7. After that, reboot your computer to apply the changes.
How to Change Reset Account Lockout Counter After Time using Command Prompt or Windows PowerShell?
Do these steps to change the “reset account lockout counter after” time using Command Prompt or PowerShell:-
Step 1. Open elevated Command Prompt or PowerShell window.
Step 2. Type the following and hit the
net accounts
Step 3. Again, type the following command and hit the Enter key on the keyboard:-
net accounts /lockoutwindow:<number>
Note: Replace <number> in the above command with a number between 1 and 99999 minutes you want that must elapse from when a user fails to log on before the failed logon attempt counter is reset to 0.
If you don’t configure this policy setting or if the value is configured to an interval that is too long, an attacker could attempt to sign in to each user’s account numerous times and lock out their accounts. A denial-of-service (DoS) attack might succeed, or administrators might have to unlock all locked-out accounts manually. Configure this policy setting to a reasonable value. Users can perform new attempts to sign in after a failed sign-in within a good time without making brute force attacks feasible at high speeds. Be sure that you notify users of the values used for this policy setting so that they wait for the lockout timer to expire before they call the Help Desk.
That’s it.
Thank you.
You guys are amazing; Keep reading, learning, and growing.
