Denials

HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AccountLockout\<domain>:<user-name>

Data type Range Default value
REG_DWORD 0x1 - 0xFFFFFFFF There is no default value for this entry.

Description

Stores the current number of failed attempts to authenticate this user account for dial-up access.

This entry stores a counter that is incremented each time an attempt to authenticate the account (submit a valid user name and correct password) fails. This entry (and the user subkey that stores it) is created the first time an authentication attempt fails during the interval specified by the value of ResetTime (mins). The entry (and its subkey) is deleted when the value of ResetTime (mins) expires or someone successfully authenticates the user account.

If, at any time during the interval defined by ResetTime (mins), the value of Denials for this user reaches denial threshold for the server (stored in the value of MaxDenials) the user account is locked. The system does not process any subsequent dial-in authentication attempts for this account until the value of ResetTime (mins) expires, or an administrator deletes the user's <domain>:<user-name> subkey or sets the value of Denials for that account to 0 (or less than the value of MaxDenials).

Note Image Note

Account lockout prevents all dial-in access to a locked user account, not just access from the computer that submitted the failed authentication.