CyberSolutions: Auto Lockdown Your PC After a Certain Number of Invalid Logon Attempts

Wednesday, June 24, 2015

Auto Lockdown Your PC After a Certain Number of Invalid Logon Attempts

Before doing anything, let’s check if there are any pre-set thresholds on your Windows computer. To do that, open your command prompt as admin (press “Win + X” and select “Command Prompt (admin)” ) and enter the following command:

net accounts

Once you execute the above command, the command prompt will display your current account security policy. If there is no previous threshold set, then you should see the value “Lockout threshold” set to “Never.”
2. To temporarily lock your PC after a certain number of invalid logon attempts, we are going to modify a couple of Windows local security policies. First, press “Win + X” and select “Control Panel” from the list of options.

3. Select “Administrative Tools.” Also ensure that “view by” is set to large or small icons.

4. Here find and double click on “Local Security Policy.” This action will open “Local Security Policy” window.

5. Now on the left pane, navigate to “Account Policies” and then “Account Lockout Policy.” Now on the right pane, select and double click on “Account lockout threshold.”

Enter the allowed number of invalid logon attempts and click on the OK button to save changes. As you can see from the image below, I’ve entered the value as 10, i.e. Windows will lock out the computer after ten invalid logon attempts.

As soon as you click on the OK button, Windows will open another window with optimal suggestions where “Account lockout duration” is set to 30 minutes and “Reset account lockout counter after” is also set to 30 minutes. Just click on the OK as 30 minutes is more than enough for any computer. Also, you can reset the lockout and reset the time any time you want from “Local security policy.”

Once everything is done, your Local security policy window will look something like this.

Alternatively, you can also confirm the changes using the command prompt method show above:
net accounts

Once executed, you will see that the “Lockout threshold” is set to 10 attempts and duration and reset window is set to 30 minutes each.
That’s all there is do. From now on, your Windows machine will block any user after a certain number of invalid logon attempts effectively blocking password guesses and brute force attacks.
Hopefully that helps, and do comment below if you face any problems while setting up the lockout threshold in your Windows machine.

No comments :

Post a Comment