JSI Tip 6165. Why does Windows automatically adjust the value of the 'Reset account lockout counter after' setting?

Jerold Schulman

January 1, 2003

1 Min Read
ITPro Today logo in a gray background | ITPro Today

The Account Lockout policy has 3 variables:

Account lockout threshold

The number of log on attempts a user can make before the account is locked.

Reset account lockout counter after

The time that must elapse before the counter is reset to zero.

Account lockout duration

The time that must elapse before an account is unlocked and the user can attempt to log on.

If you set the value of Reset account lockout counter after to be greater than the value of Account lockout duration, Windows automatically adjusts this value to be equal to the value of Account lockout duration because if it didn't, Account lockout duration would count down first and make it possible for the user to attempt logon, while the Reset account lockout counter after counter was still decrementing, not having reset the bad attempts counter. This would guarantee that the user could never log on again.



Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like