NoteHKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AccountLockout
| Data type | Range | Default value |
|---|---|---|
| REG_DWORD | 0x0 - 0xFFFFFFFF | 2880 (48 hours) |
Determines the time interval for the Account Lockout feature.
User's accounts are locked when the number of denials (failed authentication attempts) for the account exceeds the configured threshold during this interval. When this interval expires, the denial counter for each user is deleted and the interval begins again.
If this value is too large, legitimate users who occasionally mistype or forget their password might be denied access unnecessarily. If the value is too small, malicious users can program a wait time into their programs and continue their attempts to infiltrate the account.
Note
Account lockout prevents all dial-in access to a locked user account, not just access from the computer that submitted the failed authentication.
Tip
The denial counter for each user is stored in the value of Denials. The denial threshold for this computer is stored in the value of MaxDenials.
Related Entries
