JSI Tip 6165. Why does Windows automatically adjust the value of the 'Reset account lockout counter after' setting?

The Account Lockout policy has 3 variables:

Account lockout threshold: The number of logon attempts a user can make before the account is locked.
Reset account lockout counter after: The time that must elapse before the counter is reset to zero.
Account lockout duration: The time that must elapse before an account is unlocked and the user can attempt to log on.

If you set Reset account lockout counter after to a value greater than Account lockout duration, Windows automatically adjusts it to equal Account lockout duration. If it didn't, the Account lockout duration timer would expire first and make it possible for the user to attempt logon while the Reset account lockout counter after timer was still counting down and the bad-attempts counter had not yet been reset. This would guarantee that the user could never log on again.
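
The check below is an added example, not part of the original tip: it reads the three lockout values from the [System Access] section of a security template export and reports whether the reset counter exceeds the lockout duration. The sample text is constructed, the function names are hypothetical, and treating a LockoutDuration of -1 as "locked until an administrator unlocks" is an assumption.

```powershell
# Constructed sample of a security template export. On a real system the text
# would come from:  secedit /export /cfg policy.inf /areas SECURITYPOLICY
# followed by:      Get-Content policy.inf -Raw
$sample = @'
[System Access]
MinimumPasswordLength = 12
LockoutBadCount = 5
ResetLockoutCount = 60
LockoutDuration = 30
'@

# Hypothetical helper: pull the three lockout keys out of the INF text.
# LockoutBadCount   = Account lockout threshold
# ResetLockoutCount = Reset account lockout counter after (minutes)
# LockoutDuration   = Account lockout duration (minutes)
function Get-LockoutSetting {
    param([string]$InfText)
    $settings = @{}
    foreach ($line in $InfText -split "`r?`n") {
        if ($line -match '^\s*(LockoutBadCount|ResetLockoutCount|LockoutDuration)\s*=\s*(-?\d+)\s*$') {
            $settings[$Matches[1]] = [int]$Matches[2]
        }
    }
    $settings
}

# Hypothetical helper: apply the rule described above and return a finding.
function Test-LockoutPolicy {
    param([hashtable]$Settings)
    $threshold = $Settings['LockoutBadCount']
    $reset     = $Settings['ResetLockoutCount']
    $duration  = $Settings['LockoutDuration']

    if (-not $threshold) { return 'Threshold is 0 or not set: accounts are never locked out.' }
    if ($null -eq $reset -or $null -eq $duration) {
        return 'Threshold is set, but the reset counter or the duration is missing from the export.'
    }
    # Assumption: -1 means the account stays locked until an administrator unlocks it.
    if ($duration -eq -1) { return "OK: administrator unlock required; counter resets after $reset min." }
    if ($reset -gt $duration) {
        return "Reset counter ($reset min) exceeds lockout duration ($duration min); Windows would adjust it to $duration."
    }
    return "OK: reset counter ($reset min) does not exceed lockout duration ($duration min)."
}

Test-LockoutPolicy (Get-LockoutSetting $sample)
```

Run against hand-edited templates before they are imported, this flags a value that Windows would otherwise change without the editor noticing.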


