How to Enable or Disable Administrator Account Lockout in Windows 11

This post shows students and new users steps to change or turn On or Off built-in administrator account lockout in Windows 11.

Windows 11 now has a new account lockout policy to protect users against brute-force password attacks.

The Allow Administrator account lockout policy determines whether the built-in administrator account is subject to the account lockout policy.

When you subject the built-in admin user to the account lockout policy, it will apply the Account lockout threshold policy setting, which determines the number of failed sign-in attempts that will cause a user account to be locked.

Account lockout duration policy setting will be applied to the built-in administrator account, which also determines the number of minutes that a locked-out account remains locked out before automatically becoming unlocked.

Starting with Windows 11 build 22528 and higher, a new default policy is as follows:

  • The account lockout threshold is now set to 10 failed sign-in attempts by default
  • Account lockout duration is now set to 10 minutes by default.
  • Allow Administrator account lockout is now enabled by default.
  • Reset account lockout counter after is now set to 10 minutes by default.

Below is how to enable or disable the account lockout policy for the built-in administrator account in Windows 11.

How to turn on or off account lockout policy for the built-in administrator account in Windows 11

As mentioned above, specific account lockout policies can be applied to normal users in Windows 11. However, if you also want to apply these policies to the built-in administrator account, you must enable Allow Administrator account lockout.

Below is how to turn on or off Allow Administrator account lockout policy in Windows 11.

To turn it on or off this policy, open Local Group Policy Editor by clicking on the Start menu and searching for Edit group policy, as highlighted below.

Under Best match, select Edit group policy to launch Local Group Policy Editor.

In the left pane of Local Group Policy Editor, expand the tree: 

 Computer Configuration > Windows Settings > Security Settings > Account Lockout Policy

Then, locate and double-click the setting Allow Administrator account lockout in the Account Lockout Policy details pane on the right.

On the Allow Administrator account lockout Properties window, set to Enabled or Disabled to turn on or off the policy.

Select OK.

Close Local Group Policy Editor.

That should do it!

Conclusion:

This post showed you how the enable or disable the administrator account lockout policy in Windows 11. Please use the comment form below if you find any errors above or have something to share.

Tags:

Richard W

I love computers; maybe way too much. What I learned I try to share at geekrewind.com.

1 Response

  1. How to Allow or Prevent Users from Changing Passwords in Windows 11 - Geek Rewind
    02/26/2023

    […] Windows administrator can change all account passwords. However, a standard user account can only change their password, […]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.