Windows Server Lockout Policies

Lockout Policies (based on username attempts, not IP addresses):

To lock out an account for a period of time after a number of incorrect login attempts (which slows down repeated failed logins), you can set up Account Lockout Policies in Windows. It does NOT apply to the Administrator account (so you may want to disable the Administrator account and create a different account with administrator rights; see previous suggestion). Lockout policies can be useful to prevent brute-force password guessing attacks, but they can also lock out your own accounts and leave you unable to access the server (so plan accordingly).

Local Security Policy (secpol.msc) -> Security Policies -> Account Policies -> Account Lockout Policy, set values for the three options, OR

Gpedit.msc -> Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Policies -> Account Policies -> Account Lockout Policy, set values for the three options
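
The same three options can also be audited and set from an elevated PowerShell prompt using the built-in secedit and net accounts commands. This is an added example, not part of the original post; the target values (5 attempts, 30 minutes, 30 minutes) and the temporary file name are assumptions chosen for illustration.

```powershell
# Added example: audit, and optionally set, the three Account Lockout Policy values.
# Run elevated. Default values below are assumptions, not values from the post.
param(
    [ValidateRange(1, 999)][int]$Threshold = 5,          # failed logons before lockout
    [ValidateRange(1, 99999)][int]$DurationMinutes = 30, # how long the account stays locked
    [ValidateRange(1, 99999)][int]$WindowMinutes = 30,   # "Reset account lockout counter after"
    [switch]$Apply                                       # without this, only report
)

# Windows rejects a lockout duration shorter than the counter reset window.
if ($DurationMinutes -lt $WindowMinutes) {
    throw "Lockout duration must be greater than or equal to the reset window."
}

function Get-LockoutPolicy {
    # Export the effective local security policy and pick out the lockout keys.
    # Reading the INF export avoids parsing localized 'net accounts' text.
    $cfg = Join-Path $env:TEMP 'lockout-audit.inf'   # hypothetical temp file name
    secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
    $policy = @{}
    foreach ($line in Get-Content $cfg) {
        if ($line -match '^\s*(LockoutBadCount|LockoutDuration|ResetLockoutCount)\s*=\s*(-?\d+)') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    return $policy
}

$current = Get-LockoutPolicy
if (-not $current.ContainsKey('LockoutBadCount') -or $current['LockoutBadCount'] -eq 0) {
    # A threshold of 0 means lockout is disabled and guessing is never slowed down.
    Write-Warning 'Lockout threshold is 0: accounts are never locked out.'
}
$current.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize

if ($Apply) {
    # net accounts sets threshold, duration and observation window in one call.
    net accounts "/lockoutthreshold:$Threshold" "/lockoutduration:$DurationMinutes" "/lockoutwindow:$WindowMinutes"
    if ($LASTEXITCODE -ne 0) { throw "net accounts failed with exit code $LASTEXITCODE" }
    # Re-read the policy to confirm the change took effect.
    (Get-LockoutPolicy).GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize
}
```

Run it without -Apply first to see the current values; on a domain-joined server, domain Group Policy can overwrite locally set values.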

To unlock an account (if a legitimate user is locked out), log in under an active account (with administrator properties), go to the locked-out user’s properties, and uncheck the box by “account is locked out”.

You can see the detailed status of a user account by opening the command prompt and typing “net user [username]”.