Restrict the Number of Login Attempts in Windows 7

We usually restrict the number of login attempts to our websites so that hackers can’t guess our passwords and hack into the systems. If we don’t limit the login attempts, hackers can use brute-force methods to guess the passwords and ultimately break into the systems. Windows can also limit the number of login attempts, which is particularly useful if the computer is connected to a network and is used by many people. You can limit the number of attempts a user can make to log in to the system. After the limit is reached, the account is locked until an administrator unlocks it, or it can be locked for a specified amount of time.

To configure the limit of login attempts in Windows 7, follow the steps below:

  • Go to Windows Start Menu Search and type “Local Security Policy”
  • Select Local Security Policy from the search results
  • Go to the following:

Security Settings –> Account Policies –> Account Lockout Policy

  • From the right-hand pane, select Account Lockout Threshold and choose how many times you want to allow a user to try to log in. The default value is 0, which means a user can try to log in to the system an unlimited number of times, which can be a security threat. Here is the complete explanation of this policy:

This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon attempts. If you set the value to 0, the account will never be locked out.

Failed password attempts against workstations or member servers that have been locked using either CTRL+ALT+DELETE or password-protected screen savers count as failed logon attempts.

Default: 0.

  • There are two other policies related to this policy. You’ll be prompted to configure them after you have configured this one. The first is Account Lockout Duration, in which you specify how long you want the account to remain locked. Here is the complete explanation of the policy:

This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator explicitly unlocks it.

If an account lockout threshold is defined, the account lockout duration must be greater than or equal to the reset time.

Default: None, because this policy setting only has meaning when an Account lockout threshold is specified.

  • The second related policy is Reset Account Lockout Counter After. Here’s the complete explanation of this policy:

This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes.

If an account lockout threshold is defined, this reset time must be less than or equal to the Account lockout duration.

Default: None, because this policy setting only has meaning when an Account lockout threshold is specified.
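The same three settings can also be applied from an elevated PowerShell prompt with the built-in net accounts command. The following is an added example, not part of the original article: Set-LockoutPolicy is a hypothetical helper name, and the values 5, 30 and 30 are constructed sample values. It checks the ranges and the duration/reset rule quoted above before changing anything.

```powershell
# Added example: validate lockout settings against the ranges quoted in the
# policy text, then apply them with the built-in "net accounts" command.
# Set-LockoutPolicy is a hypothetical helper name, not a built-in cmdlet.
function Set-LockoutPolicy {
    [CmdletBinding()]
    param(
        # Failed logons before lockout. The policy allows 0-999, but 0 means
        # "never lock out", so this example requires at least 1.
        [ValidateRange(1, 999)]
        [int]$Threshold = 5,

        # Minutes the account stays locked. The policy allows 0-99999; 0 means
        # "until an administrator unlocks it" and is not covered by this example.
        [ValidateRange(1, 99999)]
        [int]$DurationMinutes = 30,

        # Minutes after which the failed-logon counter resets (1-99999).
        [ValidateRange(1, 99999)]
        [int]$ResetMinutes = 30,

        # Without -Apply the function only shows the command it would run.
        [switch]$Apply
    )

    # Rule from the policy text: lockout duration must be >= reset time.
    if ($DurationMinutes -lt $ResetMinutes) {
        throw "Lockout duration ($DurationMinutes) must be >= reset time ($ResetMinutes)."
    }

    $netArgs = @('accounts',
                 "/lockoutthreshold:$Threshold",
                 "/lockoutduration:$DurationMinutes",
                 "/lockoutwindow:$ResetMinutes")

    if (-not $Apply) {
        "Would run: net.exe $($netArgs -join ' ')"
        return
    }

    & net.exe $netArgs
    if ($LASTEXITCODE -ne 0) { throw "net accounts failed with exit code $LASTEXITCODE." }

    # Print the effective account policy so the new values can be confirmed.
    & net.exe accounts
}

# Dry run with the constructed sample values; add -Apply to change the policy.
Set-LockoutPolicy -Threshold 5 -DurationMinutes 30 -ResetMinutes 30
```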
