Hello Friends, Account Lockout Policy must implement in Domain Environment because it helps to protect your computer from unauthorized users. So today, we will learn how can we configure Account Lockout Policy GPO in our Domain Infrastructure.
System Administrators can follow below steps to apply Account Lockout Policy GPO to secure their Domain Computer and Environment.
First of all, Open Group Policy Management Console and create new group policy. Now, right click on it and select “Edit” option.
Freshers can follow link How To Open and Configure Group Policy. Thereafter go to the below path.
Expand “Computer Configuration” until you reach the below location:
Computer Configuration –-> Windows Settings –-> Security Settings –> Account Policies –> Account Lockout Policy
Once reach the above path then there will be appearing 3 policies on right pane, as mentioned below, which needs to configure as per your Organization’s Requirement. These policies are as follows:
- Account Lockout Duration
- Account Lockout Threshold
- Reset Account Lockout Counter After
Explanation of above policies as follows:
Account Lockout Duration – This policy setting determines that for how many minutes a locked-out account will remain locked out before automatically becoming unlocked.
Account Lockout Threshold – This setting determines the total number of failed logon attempts and if failed logon attempts exceeds from this pre-defined value then a user account will be locked out.
Reset Account Lockout Counter After – This policy settings determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts.
Then go to user’s workstation and run “gpupdate /force” command to apply this policy.
To check whether policy is applying or not just run “gpresult /r” command.