How to Adjust Windows RDP Account Lockout Policies to Prevent Future Lockouts

As the owner of the remote server, you have control over the account lockout settings and can make adjustments to prevent this issue from happening again. Here are some steps you can take to modify the account lockout policy:

For Windows Server:

  1. Access Local Security Policy:
     • Press Windows + R, type secpol.msc, and press Enter to open the Local Security Policy window.
  2. Navigate to Account Lockout Policy:
     • In the left pane, expand Account Policies and click on Account Lockout Policy.
  3. Modify Account Lockout Settings:
     • Double-click on Account lockout threshold and set the number of invalid logon attempts before the account is locked out. Setting it to 0 will disable account lockout.
     • Adjust the Account lockout duration to determine how long an account remains locked out (in minutes).
     • Set the Reset account lockout counter after to specify the time period after which the counter is reset (in minutes).
  4. Apply the Changes:
     • Click Apply and then OK for each setting you modify.
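
The same three settings can also be applied and verified from an elevated PowerShell prompt. The script below is an added example, not part of the original steps: the function names and the sample values (10 attempts, 15 minutes) are assumptions, and it changes the local policy, which governs local accounts on the server.

```powershell
#Requires -RunAsAdministrator
# Added example: set the local account lockout policy and read it back.
# Function names and the sample values at the bottom are illustrative assumptions.

function Set-LocalLockoutPolicy {
    param(
        [Parameter(Mandatory)][ValidateRange(0, 999)][int]$Threshold,
        [Parameter(Mandatory)][ValidateRange(1, 99999)][int]$DurationMinutes,
        [Parameter(Mandatory)][ValidateRange(1, 99999)][int]$ResetWindowMinutes
    )
    # The reset window must be less than or equal to the lockout duration.
    if ($ResetWindowMinutes -gt $DurationMinutes) {
        throw "Reset window ($ResetWindowMinutes) must not exceed lockout duration ($DurationMinutes)."
    }
    if ($Threshold -eq 0) {
        Write-Warning 'Threshold 0 disables lockout: failed RDP logons are no longer limited.'
        net accounts /lockoutthreshold:0 | Out-Null
    } else {
        # Set all three values in one call so they are applied together.
        net accounts /lockoutthreshold:$Threshold /lockoutduration:$DurationMinutes /lockoutwindow:$ResetWindowMinutes | Out-Null
    }
    if ($LASTEXITCODE -ne 0) { throw "net accounts failed with exit code $LASTEXITCODE" }
}

function Get-LocalLockoutPolicy {
    # Export the effective security policy and pick out the three lockout values.
    $cfg = Join-Path $env:TEMP 'lockout-policy.inf'
    secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
    try {
        $policy = [ordered]@{}
        Select-String -Path $cfg -Pattern '^(LockoutBadCount|LockoutDuration|ResetLockoutCount)\s*=\s*(-?\d+)' |
            ForEach-Object { $policy[$_.Matches[0].Groups[1].Value] = [int]$_.Matches[0].Groups[2].Value }
        [pscustomobject]$policy
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
}

Set-LocalLockoutPolicy -Threshold 10 -DurationMinutes 15 -ResetWindowMinutes 15
Get-LocalLockoutPolicy
```

In the output, LockoutBadCount is the threshold, LockoutDuration the lockout duration, and ResetLockoutCount the reset window, both in minutes.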

Using Group Policy Management:

  1. Open Group Policy Management Console:
     • Press Windows + R, type gpmc.msc, and press Enter.
  2. Edit the Default Domain Policy:
     • In the left pane, navigate to your domain, right-click on Default Domain Policy, and select Edit.
  3. Navigate to Account Lockout Policy:
     • In the Group Policy Management Editor, go to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Account Lockout Policy.
  4. Modify Account Lockout Settings:
     • Double-click on Account lockout threshold and set the desired value.
     • Adjust the Account lockout duration and Reset account lockout counter after as needed.
  5. Apply the Changes:
     • Click Apply and then OK for each setting you modify.
     • Close the Group Policy Management Editor.

Additional Recommendations:

  • Implement Account Lockout Monitoring: Use tools to monitor and log failed login attempts to identify and mitigate potential security threats.
  • Enable Account Lockout Notifications: Configure alerts to notify you or the system administrator when an account is locked out.
  • Educate Users: If other users have access to the server, educate them on proper password practices to reduce the chances of account lockouts.

By configuring these settings, you can reduce the likelihood of account lockouts and improve overall security management for your server.