Change Reset Account Lockout Counter for Local Accounts in Windows 10  

How to Change Reset Account Lockout Counter for Local Accounts in Windows 10
   Information
When you have the Account lockout threshold policy setting set to a number greater than 0, the Reset account lockout counter after policy setting determines the number of minutes that must elapse from the time a user fails to log on before the failed logon attempt counter is reset to 0. If Account lockout threshold is set to a number greater than zero, this reset time must be less than or equal to the value of Account lockout duration.

A disadvantage to setting Reset account lockout counter after too high is that users lock themselves out for an inconveniently long period if they exceed the account lockout threshold through sign-in errors. Users may make excessive Help Desk calls.

This tutorial will show you how to change the Reset account lockout counter after for how many minutes must elapse from the time a local account fails to sign-in before the failed logon attempt counter is reset to 0 in Windows 10.

You must be signed in as an administrator to change the Reset account lockout counter after policy.

CONTENTS:

  • Option One: To Change Reset Account Lockout Counter After for Local Accounts using Local Security Policy
  • Option Two: To Change Reset Account Lockout Counter After for Local Accounts using Command Prompt

EXAMPLE: "The referenced account is currently locked out and may not be logged on to" error

OPTION ONE

To Change Reset Account Lockout Counter After for Local Accounts using Local Security Policy

   Note
Local Security Policy is only available in the Windows 10 Pro, Enterprise, and Education editions.

All editions can use Option Two below.

1. Press the Win+R keys to open Run, type secpol.msc into Run, and click/tap on OK to open Local Security Policy.

2. Navigate to Account Policies and Account Lockout Policy in the left pane of Local Security Policy. (see screenshot below)

3. In the right pane of Account Lockout Policy, double click/tap on the Reset account lockout counter after policy. (see screenshot above)

4. Type in a number between 1 and 99999 for the number of minutes you want that must elapse from the time a user fails to sign-in before the failed logon attempt counter is reset to 0, and click/tap on OK. (see screenshots below)

   Note
Account lockout duration must be greater than or equal to the value of Reset account lockout counter after.

The default setting is 30 minutes.


5. If Account lockout duration is not greater than or equal to the value of Reset account lockout counter after, then click/tap on OK to change Account lockout duration to be equal to the value of Reset account lockout counter after. (see screenshot below)

6. When finished, you can close the Local Security Policy window if you like.

OPTION TWO

To Change Reset Account Lockout Counter After for Local Accounts using Command Prompt

1. Open an elevated command prompt.

2. Enter the command below into the elevated command prompt, press Enter, and make note of the current Lockout observation window (Reset account lockout counter after). (see screenshot below)
net accounts


3. Enter the command below into the elevated command prompt, and press Enter. (see screenshot below)
net accounts /lockoutwindow:Number

   Note
Substitute Number in the command above with a number between 1 (none) and 99999 for the number of minutes you want that must elapse from the time a user fails to sign-in before the failed logon attempt counter is reset to 0.

Account lockout duration must be greater than or equal to the value of Reset account lockout counter after.

The default setting is 30 minutes.


4. When finished, you can close the elevated command prompt if you like.

That’s it,
Shawn

Leave a Reply