1 300 737 205

How to configure account lockout policy for a domain on Windows Server

Prequisite: Only users that are Domain Admins or Enterprise Admins, or equivalent, are able to configure password policy on a Domain.


Navigate to Start – Administrative Tools – Group Policy Management.


Expand the relevant domain node. Right click Default Domain Policy and select Edit from the drop down list.


Group Policy Management Editor opens. Navigate to Computer Configuration\Policies \Windows Settings \Security Settings \Account Policies \Account Lockout Policy where three lockout policy settings listed.


To set the Account Lockout Threshold policy setting, right click it and select Properties from the drop down list.


The Account Lockout Threshold properties dialog box opens. For our example, we amend the lockout threshold number to 12. Click OK to apply the changes.


Note: Configuring the Account Lockout Threshold to 12 means that the user account would be ‘locked out’ after more than 12 failed logon attempts.

You are informed that since the Account Lockout Threshold policy setting has been given a value, Windows Server automatically defines and applies a security setting of 30 minutes to the other policy settings (Account Lockout Duration and Reset Account Lockout Counter After). Click OK to continue.


The Account Lockout Threshold has now been successfully configured. The other policy settings, Account Lockout Duration and Reset Account Lockout Counter After, also have been updated.


If you prefer that a user account is locked out until an administrator unlocks it again, open the Account Lockout Duration properties dialog box. Enter in ‘0’ to the text box and click OK.


The Account Lockout Duration policy setting has been configured to 0 minutes meaning that a user account would thus remain locked until an administrator unlocks it.





Request Your Free Consultation Today

We’ll come to your place of business, and give you a full diagnostic snapshot of your IT systems.