Group Policy setting WIN8 account logon error upper limit and lockout time

For security reasons, some of the more important applications such as network banking system will set the number of login restrictions, such as in the user login process if 5 times password input error will be frozen or a period of time to prohibit login. Microsoft's Windows 8 system provides an account login limit for this security mechanism, however, this feature is turned off by default, and users who have special requirements for system security and data privacy can limit this by setting the number of logon errors to the account through Group Policy settings, and specify the maximum number of login errors and the system lockout time.

In the Win8 Start screen or traditional desktop, press the shortcut key "Win+r", enter "Gpedit.msc" in the Run window, ready to enter the WIN8 System Group Policy Editor.

In the local Group Policy Editor of the WIN8 system, turn on the computer Configuration-windows Settings-security Settings-account lockout policy, and you can see that the account lockout threshold on the right is 0, and the account lockout time and reset account lockout counter are "not applicable." Double-click Account lockout Thresholds, or choose Properties from the right-click menu.

In the Account Lockout Threshold Properties Settings dialog box, click Local Security settings to see the default setting of 0 invalid logins, which is not locked. Enter a number here, which is the maximum number of incorrect login times set for the WIN8 system. Then click "Confirm" or "apply".

This security setting can determine the number of failed logon attempts that caused the user account to be locked. The locked account cannot be used until the administrator resets the lockout account or the account lockout time expires. You can set the number of failed logon attempts to a value between 0 and 999. If you set the value to 0, the account will never be locked.

Note: Failure to attempt a password on a workstation or member server that is locked with a ctrl+alt+del or password-protected screen saver also fails to count as a login attempt.

After we set the maximum account error login limit, the WIN8 system will automatically give the account lockout time and Reset account lockout counter time recommended values. The WIN8 system will lock down the account at the following time if we log in at an account with the wrong number of login times up to the limit we set.

After confirming the numeric changes, we can see the corresponding option numeric changes from the WIN8 Local Group Policy Editor. If you need to change the account lockout time, double-click the related option to reset the account lockout time or the Account lockout counter.

The security setting "Reset account lockout counters after" Determines the time that is required to reset the logon attempt failure counter to 0 incorrect logon attempts after a failed logon attempt, and the available range is 1-99,999 minutes. If the account lockout threshold is defined, this reset time must be less than or equal to the account lockout time. The default value is None. This policy setting makes sense only after the account lockout threshold is specified.

Above we introduced how to edit the WIN8 system through Group Policy to set the number of account login error limit and lockout time, the system security has higher requirements of friends can choose to use.