Automatically lock out Windows 7 users after unsuccessful logon attempts (wrong password entered)
If someone can try as many username / password combinations as needed to try to hack into a computer, perseverance and/or a computer program that simulates logon attempts will eventually crack these credentials and gain access to a compromised machine. By default, Windows 7 allows you to try unlimited (unsuccessful) attempts to login to a user account. As often, user-friendliness and security stand on opposite end; to make your PC more secure, you can configure Windows 7 to temporarily block a profile in these cases, rendering unauthorized access nearly unfeasible even to the most dedicated hacker. As you'll learn in this tutorial, there are a few security settings you can tweak for user logons.
Prevent people from guessing Windows 7 passwords just by trying!
Once you are logged into Windows, click on the start menu:
- Type "secpol.msc" in the search field and hit Enter (or click on the first result).
- When the Local Security Policy editor / snap-in opens, double-click on "Security Settings" to expand it if needed; otherwise, directly double-click on "Account Policies".
- Select "Account Lockout Policies" on the left, and 3 configurable options will load on the right:
- The "Account Lockout Threshold" value determines how many invalid logons Windows 7 will accept to handle before taking action; by default, this is set to
zero, but the setting described next is also set to "Not Applicable" - no action taken, in other words.
Double-click on Account lockout threshold, and enter a number (of wrong username / password entered) of your choice. Click "OK" to apply your setting, and Windows 7 will suggest default values for the two remaining settings - you can click "OK" to accept them as well, but we'll describe them anyway; in our case (5attempts), Windows suggests30minutes for each:
- The "Account Lockout Duration" setting, which you can edit by double-click on it, determines how many minutes should pass after the last unsuccessful login attempt, before Windows 7 allows someone to try to logon to that particular user account (this doesn't affect other profiles on that same computer, but will affect remote logins to the user account in question).
- With the "Reset Account Lockout Counter After" option, Windows 7 lets you customize how long it will remember the lockout "penalty", with the number of invalid login attempts; this will typically be the same value as Account Lockout Duration, but you could ensure Windows to enforce stiffer penalties well after that initial lockout duration. Example: if Account lockout duration is "
30minutes", someone can try again to sign in to that user account after 31 minutes: if Reset account lockout counter is also 30 minutes, Windows 7 starts counting invalid credentials at zero (but will let the user in if credentials are valid). If your lockout counter is set to a larger amount of time (say, one hour), Windows would lock that user account after a single invalid logon, since it "remembers" that a person already tried so many times before that point.
To disable automatic user account lockout, just set the "Account Lockout Threshold" back to zero, and Windows will automatically set the two other settings to "Not Applicable" when you click "OK".
Reset Change Windows 7 Password is not affiliated with Microsoft; Windows 7, the Windows logo, and other Windows-related brands mentioned on this site are registered trademarks of Microsoft and/or other companies. Always use best judgment when changing Windows 7 password and other credentials or security settings on your computer, laptop, or PC. Information on change your Windows 7 password is provided "as is", without warranties of any kind. Keep your Windows 7 passwords safe and never share them.