Duke IT Security Logo just a line

Creating an Account Lockout Policy

To Create an Account Lockout Policy:

  1. Select the Start button on the lower, left hand side of the screen.
  2. From the menu that pops up, select the Settings submenu and select the Control Panel option. This will open the Control Panel window.
  3. In the Control Panel window, select Administrative Tools.
  4. In the Administrative Tools window, double click on the Local Security Policy icon.
  5. In the new window, double click the Account Policies item.
  6. Double click on the Account Lockout Policy. This will display three options: Account Lockout Duration, Account Lockout Threshold and Reset Account Lockout Counter.
  7. Double click on Account Lockout Duration. This option sets the number of minutes the account will be locked out. A day might be a good option here (1440 minutes). Set the appropriate value and hit the OK button.
  8. Double click on Account Lockout Threshold. This option sets the number wrong guesses someone gets before the account is locked down. Set this value somewhere between 3 and 5 then hit the OK button. (1440 minutes).
  9. Double click on Reset Account Lockout Counter After. This option sets the number of minutes before the counter of wrong password attempts is reset. So, if you set this value to 60 minutes and the above value to 3, then 3 wrong passwords in a one hour period will lock out the account. Set a value that seems reasonable and hit the OK button.
  10. Close the Local Security Settings window.