Configure Windows Account Lockout Policy with 5 Easy Steps

This guide will show you how to configure Windows Account Lockout Policy. The Windows Account Lockout feature helps keep your computer safe by blocking access after too many wrong password attempts. Administrators can set how many wrong attempts are allowed and how long the account stays locked.

You can now proceed to the guide steps below on the Orcacore website to see how you can configure Account Lockout Policy (threshold, duration, and counter after) on Windows Client and Windows Server.

How To Configure Windows Account Lockout Policy?

Many workplaces and organizations use this feature to keep accounts safe, and also it keeps your personal files and information secure. Now proceed to the guide steps below to see how you can configure Account Lockout settings.

1. Access Account Lockout Policy Settings

First, you must access your Account Lockout Policy on your system. To do this, you must open the Group Policy by using Win+R and type gpedit.msc:

From there, navigate to the following path:

Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy

You will see your Account Lockout settings:

Now let’s see how to configure your Lockout settings.

2. Set Account Lockout Threshold

The Windows Account Lockout Threshold is the number of times you can enter the wrong password before your account gets locked. For example, if the threshold is set to 5, and you type the wrong password 5 times in a row, Windows will lock your account for a certain time or until an admin unlocks it.

This feature helps protect your account from hackers who try to guess your password. Administrators can set the threshold based on security needs.

3. Set Account Lockout Duration

The Windows Account Lockout Duration is the amount of time your account stays locked after too many wrong password attempts. For example, if the duration is set to 30 minutes, and you enter the wrong password too many times, your account will stay locked for 30 minutes before you can try again.

This feature helps protect your account from hackers and prevents too many failed login attempts. An administrator can change the lockout duration based on security needs.

4. Reset Account Lockout Counter After

The Windows “Reset Account Lockout Counter After” setting controls how long Windows waits before resetting the failed login attempts back to zero.

For example, if this is set to 10 minutes and you enter the wrong password twice, but then wait 10 minutes without trying again, Windows will reset your failed attempts count. This means you get a fresh start instead of getting locked out after more failed attempts.

This feature helps balance security and convenience by giving users another chance without locking them out too quickly. Administrators can set this time based on security needs.

5. Allow Administrator Account Lock

The “Windows Allow Administrator Account Lock” setting decides whether an admin account can be locked after too many wrong password attempts.

By default, administrator accounts cannot be locked out, so they can always log in and fix issues. But if this setting is Enabled, even admin accounts will get locked after too many failed login attempts, just like regular user accounts.

This feature is useful for extra security, but it can also be risky because if the admin gets locked out, no one may be able to fix the problem easily.

Conclusion

The Windows Account Lockout feature is designed to enhance security by preventing unauthorized access to user accounts. At this point, you have learned how to access your Account Lockout settings and modify them according to your needs.

Hope you enjoy it. Please subscribe to us on Facebook, Instagram, and YouTube.

You may also like to read the following articles:

Defender Antivirus Configuration on Windows Server 2025

Installing Ubuntu in WSL with New Tar-based Format

Best Browsers for Windows in 2025

Top 5 Rufus Alternatives

FAQs