Most of us protect our Windows computers with an account password, but no matter how strong the password is, it doesn’t stop determined people from trying to guess your Windows logon password. To make matters worse, they may succeed within a few tries if you use an easy-to-guess password. To avoid that situation, here is how to make your PC lock out automatically after a certain number of invalid logon attempts.
Note: While this tip helps protect your Windows computer from wild password guesses and brute force attacks, it can’t protect the computer from having its password reset by other means (such as a live CD).
Temporarily Lock Your PC
1. Before doing anything, let’s check whether any thresholds are already set on your Windows computer. To do that, open the command prompt as admin (press “Win + X” and select “Command Prompt (admin)”) and enter the following command:
Once you execute the above command, the command prompt will display your current account security policy. If there is no previous threshold set, then you should see the value “Lockout threshold” set to “Never.”
2. To temporarily lock your PC after a certain number of invalid logon attempts, we are going to modify a couple of Windows local security policies. First, press “Win + X” and select “Control Panel” from the list of options.
3. Select “Administrative Tools.” Also ensure that “view by” is set to large or small icons.
4. Here, find and double-click “Local Security Policy.” This opens the “Local Security Policy” window.
5. Now on the left pane, navigate to “Account Policies” and then “Account Lockout Policy.” Now on the right pane, select and double click on “Account lockout threshold.”
Enter the allowed number of invalid logon attempts and click on the OK button to save changes. As you can see from the image below, I’ve entered the value as 10, i.e. Windows will lock out the computer after ten invalid logon attempts.
As soon as you click the OK button, Windows opens another window with suggested values, where “Account lockout duration” is set to 30 minutes and “Reset account lockout counter after” is also set to 30 minutes. Just click OK, as 30 minutes is more than enough for any computer. You can also change the lockout duration and the reset time whenever you want from “Local Security Policy.”
Once everything is done, your Local security policy window will look something like this.
Alternatively, you can confirm the changes using the command prompt method shown above:
Once executed, you will see that the “Lockout threshold” is set to 10 attempts and that the duration and reset window are set to 30 minutes each.
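The check-and-set steps above can also be scripted. The following PowerShell is an added example, not part of the original article: it reads the policy with the built-in `net accounts` command, compares it with the values used here (10 attempts, 30 minutes, 30 minutes), and applies them only if they differ. It assumes an elevated prompt and English-language output; the function and variable names are illustrative.

```powershell
# Added example: audit and enforce the account lockout policy with net accounts.
# Assumptions: English-language Windows (field names are localized) and an
# elevated prompt. The target values are the ones used in this article.
$Desired = @{
    'Lockout threshold'                    = 10   # invalid logon attempts
    'Lockout duration (minutes)'           = 30
    'Lockout observation window (minutes)' = 30   # "Reset account lockout counter after"
}

function ConvertFrom-NetAccounts {
    # Turn "Name:   value" lines into a hashtable keyed by field name.
    param([string[]]$Lines)
    $policy = @{}
    foreach ($line in $Lines) {
        if ($line -match '^(?<name>[^:]+):\s+(?<value>.+?)\s*$') {
            $policy[$Matches.name.Trim()] = $Matches.value
        }
    }
    return $policy
}

function Test-LockoutPolicy {
    # Return one object per field whose current value differs from the wanted one.
    param([hashtable]$Current, [hashtable]$Wanted)
    foreach ($name in $Wanted.Keys) {
        $raw = $Current[$name]
        # "Never" means no threshold is configured; treat it (and a missing field) as 0.
        $value = if ($null -eq $raw -or $raw -eq 'Never') { 0 } else { [int]$raw }
        if ($value -ne $Wanted[$name]) {
            [pscustomobject]@{ Setting = $name; Current = $raw; Wanted = $Wanted[$name] }
        }
    }
}

$drift = @(Test-LockoutPolicy (ConvertFrom-NetAccounts (net accounts)) $Desired)
if ($drift.Count -eq 0) {
    Write-Output 'Lockout policy already matches the desired values.'
} else {
    $drift | Format-Table -AutoSize
    # Windows requires the lockout duration to be >= the observation window.
    $netArgs = @(
        "/lockoutthreshold:$($Desired['Lockout threshold'])"
        "/lockoutduration:$($Desired['Lockout duration (minutes)'])"
        "/lockoutwindow:$($Desired['Lockout observation window (minutes)'])"
    )
    net accounts @netArgs
    net accounts   # show the policy again to confirm the change
}
```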
That’s all there is to do. From now on, your Windows machine will block any user after a certain number of invalid logon attempts, effectively blocking password guesses and brute force attacks.
Hopefully that helps, and do comment below if you face any problems while setting up the lockout threshold in your Windows machine.