Change Account Lockout Threshold in Windows 11

This post shows students and new users how to change the account lockout threshold in Windows 11.

Windows 11 has a new account lockout policy to protect users against brute-force password attacks.

The Account lockout threshold policy setting determines the number of failed sign-in attempts that will cause a user account to be locked. A locked account cannot be used until you reset it or until the number of minutes specified by the Account lockout duration policy setting expires.

You can set a value from 1 through 999 failed sign-in attempts or specify that the account will never be locked by setting the value to 0.

Starting with Windows 11 build 22528 and higher, the new default policy is as follows:

  • The account lockout threshold is now set to 10 failed sign-in attempts by default.
  • Account lockout duration is now set to 10 minutes by default.
  • Allow Administrator account lockout is now enabled by default.
  • Reset account lockout counter after is now set to 10 minutes by default.

Below is how to change the default account lockout threshold in Windows 11.

How to change the account lockout threshold in Windows 11

As mentioned, Windows 11 now has a new account lockout policy to protect users against brute-force password attacks.

Here’s how to do it.

First, open Local Group Policy Editor by clicking on the Start menu and searching for Edit group policy.

Under Best match, select Edit group policy to launch Local Group Policy Editor.

In the left pane of Local Group Policy Editor, expand the tree: 

 Computer Configuration > Windows Settings > Security Settings > Account Lockout Policy

Then, in the Account Lockout Policy details pane on the right, locate and double-click the setting Account lockout threshold.

In the Account lockout threshold Properties window, enter the number of invalid login attempts allowed before an account is locked.

Select OK.

Close Local Group Policy Editor.

Alternatively, users can use Windows Terminal to change the account lockout threshold in Windows 11.

To do that, first, open Windows Terminal as administrator and select either Windows PowerShell or Command Prompt.

Once opened, run the command below to change the account lockout threshold in Windows 11.

net accounts /lockoutthreshold:<number>

Replace <number> with the number of invalid logon attempts allowed before an account is locked.

That should do it!
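
One way to audit the current values before changing them, as an added PowerShell example that is not part of the original post: it parses `net accounts` output, flags a threshold of 0 or one looser than the default of 10, and wraps the command above with the 0 to 999 range check. The function names are hypothetical, and the parser assumes English-language `net accounts` labels.

```powershell
# Added example. Assumes English-language `net accounts` labels; function names are hypothetical.
function Get-LockoutPolicy {
    param([string[]]$Lines = (net accounts))   # pass captured text to parse offline
    $labels = [ordered]@{
        Threshold = '^Lockout threshold:\s+(\S+)'
        Duration  = '^Lockout duration \(minutes\):\s+(\S+)'
        Window    = '^Lockout observation window \(minutes\):\s+(\S+)'
    }
    $policy = [ordered]@{}
    foreach ($name in $labels.Keys) {
        $hit = $Lines | Select-String -Pattern $labels[$name] | Select-Object -First 1
        if (-not $hit) { throw "No '$name' line found in net accounts output" }
        $raw = $hit.Matches[0].Groups[1].Value
        # A non-numeric value such as "Never" is how a setting of 0 is displayed
        $policy[$name] = if ($raw -match '^\d+$') { [int]$raw } else { 0 }
    }
    [pscustomobject]$policy
}

function Test-LockoutPolicy {
    param([Parameter(Mandatory)]$Policy)
    $findings = @()
    if ($Policy.Threshold -eq 0) {
        $findings += 'Threshold is 0: accounts never lock, so password guessing is not throttled.'
    } elseif ($Policy.Threshold -gt 10) {
        $findings += "Threshold $($Policy.Threshold) allows more attempts than the default of 10."
    }
    if ($Policy.Duration -ne 0 -and $Policy.Window -gt $Policy.Duration) {
        $findings += 'Observation window is longer than the lockout duration.'
    }
    $findings
}

function Set-LockoutThreshold {
    param([Parameter(Mandatory)][ValidateRange(0, 999)][int]$Attempts)
    net accounts "/lockoutthreshold:$Attempts" | Out-Null   # needs an elevated terminal
    if ($LASTEXITCODE -ne 0) { throw "net accounts failed with exit code $LASTEXITCODE" }
    Get-LockoutPolicy
}

# Constructed sample output (not captured from a real machine)
$sample = @(
    'Lockout threshold:                                    Never'
    'Lockout duration (minutes):                           10'
    'Lockout observation window (minutes):                 10'
)
Test-LockoutPolicy -Policy (Get-LockoutPolicy -Lines $sample)
```

On a live machine, call `Get-LockoutPolicy` with no arguments to read the current settings, and `Set-LockoutThreshold -Attempts 10` from an elevated terminal to apply a new threshold.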

Conclusion:

  • In Windows 11, the account lockout policy is a crucial security feature that protects users against brute-force password attacks.
  • Users can modify the account lockout threshold using the Local Group Policy Editor or Windows Terminal, providing flexibility and control over account security.
  • By adjusting the account lockout threshold, users can customize the number of failed sign-in attempts that trigger an account lock, enhancing security based on specific requirements.
Richard

Comments

4 responses to “Change Account Lockout Threshold in Windows 11”

  1. For all 3 parameters via command line:
    net accounts /lockoutthreshold:15 /lockoutduration:15 /lockoutwindow:10
