In this article, we will learn how we can enable the account lockout group policy in windows servers as most of the companies do not compromise on their security and it becomes more important if the company in which you are working is providing financial services or keeping any other sensitive information.
It is recommended by every IT professional that no one should share their credentials with any other colleague so that no one can log into using other’s credentials and they also recommend to have a group policy which should lockout the user account for some specific time period after wrong password attempts.
Let’s suppose you are working in an organization as a system administrator and the stakeholders give you the task that the account of any user will get lockout if a user tries to log into the machine after some specific number of wrong credentials attempts. You can implement the account lockout policy according to the organization stakeholders need.
Let’s start with the process, log into the windows server as I will use windows server 2012 R2 as an example. Open the server manager and click on tools from the right top corner.
Scroll downs and select group policy management as it will open up a new windows console.
Expand your domain as in this case it is “UsamaZaka.local”, right-click on default domain policy and click on first option “edit”
Once the group policy management editor window is opened, expand computer configuration and then expand policies.
Under policies expand windows settings and then double click on security settings.
Expand the account policies to see the different options for account policy.
Click on account lockout policy and we get three different policies.
Let’s say we want to keep the account remain lockout for 30 minutes after the wrong password attempts so click on “Account lockout duration” and it will open up a windows pop up.
Select the checkbox and then enter “30” value in minutes.
Click apply and another window will pop up which will let you know the effects of policy.
Click “Ok” and then again click “Ok”, it will bring you to the account lockout policy windows.
Double click on “Account lockout threshold” to set the number of invalid login attempts before an account is locked out. Let’s say we want to lock the account after 5 wrong password attempts to enter the value “5” in invalid login attempts
This is how you can enable the account lockout policy in any windows server.