Manage Administrator Account Lockout in Windows 11

This post shows students and new users steps to change or turn On or Off built-in administrator account lockout in Windows 11.

Windows 11 has a new account lockout policy to protect users against brute-force password attacks.

The Allow Administrator account lockout policy determines whether the built-in administrator account is subject to the account lockout policy.

When you subject the built-in admin user to the account lockout policy, it will apply the Account lockout threshold policy setting, which determines the number of failed sign-in attempts that will cause a user account to be locked.

Account lockout duration policy setting will be applied to the built-in administrator account, which also determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked.

Starting with Windows 11 build 22528 and higher, a new default policy is as follows:

• The account lockout threshold is now set to 10 failed sign-in attempts by default
• Account lockout duration is now set to 10 minutes by default.
• Allow Administrator account lockout is now enabled by default.
• Reset account lockout counter after is now set to 10 minutes by default.

Below is how to enable or disable the account lockout policy for the built-in administrator account in Windows 11.

How to turn on or off account lockout policy for the built-in administrator account in Windows 11

As mentioned above, specific account lockout policies can be applied to normal users in Windows 11. However, if you also want to apply these policies to the built-in administrator account, you must enable Allow Administrator account lockout.

Below is how to turn on or off Allow Administrator account lockout policy in Windows 11.

To turn it on or off this policy, open Local Group Policy Editor by clicking on the Start menu and searching for Edit group policy, as highlighted below.

Under Best match, select Edit group policy to launch Local Group Policy Editor.

In the left pane of Local Group Policy Editor, expand the tree: 

 Computer Configuration > Windows Settings > Security Settings > Account Lockout Policy

Then, locate and double-click the setting Allow Administrator account lockout in the Account Lockout Policy details pane on the right.

On the Allow Administrator account lockout Properties window, set to Enabled or Disabled to turn on or off the policy.

Select OK.

Close Local Group Policy Editor.

That should do it!

Conclusion

• In Windows 11, users can control the account lockout policy for the built-in administrator account through the “Allow Administrator account lockout” setting.
• By enabling this policy, the account lockout threshold and duration settings will be applied to the built-in administrator account.
• Starting with Windows 11 build 22528 and higher, the default account lockout threshold, duration, and “Allow Administrator account lockout” settings have been established to enhance security.
• Users can easily enable or disable the “Allow Administrator account lockout” policy through the Local Group Policy Editor, providing flexibility in system administration and security management.