AccountLockout

HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\

Description

The AccountLockout subkey stores the database for the account lockout feature of Routing and Remote Access.

Account lockout prohibits dial-in access to a server after repeated failed authentication attempts. By default, the account lockout feature is disabled.

This subkey stores entries that specify the operating criteria for the Account Lockout feature. It also includes subkeys representing user accounts affected by the feature. These <domain>:<user-name> subkeys each represent one user and track the number of failed attempts to authenticate the user.

Note Image Note

Account lockout prevents all dial-in access to a locked user account, not just access from the computer that submitted the failed authentication.

Tip Image Tip

To disable Account Lockout or reset all user denial counts to 0 while the server is running, set the value of MaxDenials to 0. If you delete the AccountLockout subkey or the <domain>:<user-name> subkey for a user, the service does not detect the change until the system is restarted.