You share your computer with other
members of your family, each of
whom has a user account. You want
to prevent others from cracking your
password with repeated attempts.
To be able to edit the account blocking policies, click ‘Start’, and type “Local” as the search term. Windows shows the search results directly in the start menu. Double click ‘Local security policies’ under ‘Programs’. If you work with a user without administrator rights, right click ‘Local security policies’ and select the context command ‘Run as administrator’. You will then have to authorize the command by selecting an Admin account and entering the password.
In the ‘Local security policies’ dialog, click the small triangle to the left near ‘Account policies’ to open the structure below the entry. Then select ‘Account lockout policies’. On the right side of the tool, you will now find three points with which you can define the blocking of an account in case of repeated incorrect password entry attempts. First double click ‘Account lockout threshold’. Here, define the number of permissible invalid login attempts. For instance, enter a ‘5’ in the input field of the following dialog if Windows should block the account after 5 invalid login attempts. This prevents accidental lockouts when you mistype the password yourself. If you enter a ‘0’, Windows will never block the account. As soon as you enter a value under ‘Account lockout threshold’, Windows fills the remaining values with recommended default values that you can change.
The operating system understands the ‘Account lockout duration’ as the time period during which Windows blocks an account. At the end of this period, the operating system removes the block. If you enter ‘0’ in the ‘Account blocking period’, a computer administrator will have to explicitly remove the block.
Lastly, you can also enter the ‘Reset account lockout after’. Here, you can define how many minutes must pass in all before Windows resets the counter for unsuccessful login attempts after an invalid login attempt. This value must be smaller than or equal to the account blocking time. If you still do not define an ‘Account blocking period’ and leave the task of releasing a blocked account to the administrator, it can be done in ‘Computer Management’. For that, log in to an admin account. Then click ‘Start’ and enter the search term ‘Computer Management’ under ‘Programs/Files’. Start the application by double clicking the entry under ‘Programs’.
Now open ‘Computer Management | System | Local User and Groups’ under ‘Computer Management’ in the tree structure on the left. Then double click the entry of the blocked user in the right hand pane. In the next dialog, remove the tick mark against ‘Account is blocked’ and confirm your action with ‘OK’. The user can now log in to the system again.
Caution: For private computer systems, an ‘Account lockout period’ other than zero is recommended. If you exceed the number of invalid login attempts for all accounts including the admin accounts and lock yourself out completely, you have no way of accessing your computer again. At least one admin account should thus remain accessible at all times.
To be able to edit the account blocking policies, click ‘Start’, and type “Local” as the search term. Windows shows the search results directly in the start menu. Double click ‘Local security policies’ under ‘Programs’. If you work with a user without administrator rights, right click ‘Local security policies’ and select the context command ‘Run as administrator’. You will then have to authorize the command by selecting an Admin account and entering the password.
In the ‘Local security policies’ dialog, click the small triangle to the left near ‘Account policies’ to open the structure below the entry. Then select ‘Account lockout policies’. On the right side of the tool, you will now find three points with which you can define the blocking of an account in case of repeated incorrect password entry attempts. First double click ‘Account lockout threshold’. Here, define the number of permissible invalid login attempts. For instance, enter a ‘5’ in the input field of the following dialog if Windows should block the account after 5 invalid login attempts. This prevents accidental lockouts when you mistype the password yourself. If you enter a ‘0’, Windows will never block the account. As soon as you enter a value under ‘Account lockout threshold’, Windows fills the remaining values with recommended default values that you can change.
The operating system understands the ‘Account lockout duration’ as the time period during which Windows blocks an account. At the end of this period, the operating system removes the block. If you enter ‘0’ in the ‘Account blocking period’, a computer administrator will have to explicitly remove the block.
Lastly, you can also enter the ‘Reset account lockout after’. Here, you can define how many minutes must pass in all before Windows resets the counter for unsuccessful login attempts after an invalid login attempt. This value must be smaller than or equal to the account blocking time. If you still do not define an ‘Account blocking period’ and leave the task of releasing a blocked account to the administrator, it can be done in ‘Computer Management’. For that, log in to an admin account. Then click ‘Start’ and enter the search term ‘Computer Management’ under ‘Programs/Files’. Start the application by double clicking the entry under ‘Programs’.
Now open ‘Computer Management | System | Local User and Groups’ under ‘Computer Management’ in the tree structure on the left. Then double click the entry of the blocked user in the right hand pane. In the next dialog, remove the tick mark against ‘Account is blocked’ and confirm your action with ‘OK’. The user can now log in to the system again.
Caution: For private computer systems, an ‘Account lockout period’ other than zero is recommended. If you exceed the number of invalid login attempts for all accounts including the admin accounts and lock yourself out completely, you have no way of accessing your computer again. At least one admin account should thus remain accessible at all times.
0 comments:
Post a Comment
please write your comment
Note: Only a member of this blog may post a comment.