LAlarm - Free Laptop Alarm Security Software > Product > Knowledge Base > General > Account Lockout

Account Lockout

Account Lockout locks a user account if a number of failed logon attempts occur within a specified amount of time. Account Lockout is a useful and important security feature. This article provides how to enable an account lockout and enable auditing for the lockout by using a Microsoft program. LAlarm also provides a similar (and┬ásimplified) tool to enable account lockout and account policy. If you’d like to use the LAlarm tool instead, please see the manual.



For Vista Business, Ultimate, Windows 7 Pro, Windows 7 Ultimate and XP Pro editions
Enabling The Account Lockout

  1. Run secpol.msc
  2. Select Account Policies / Account Lockout Policy.
  3. Specify lockout duration and threshold. For example, enter 30 minutes for Account lockout duration value. Enter 4 for Account lockout threshold value. It┬ámeans 4 invalid logon attempts will trigger an account lockout. For “Reset account lockout counter after” value, you can enter the same number as the threshold or refer to the Microsoft Windows local security policy guideline.

Note: secpol.msc is a Local Security Policy tool. You can also run it by selecting Start / Settings / Control Panel / Administrative Tools / Local Security Policy.

Enabling Audit Policy For Account Lockout

  1. Run secpol.msc
  2. Select Local Policies and Audit Policy.
  3. Double click on “account management” and select Success, Failure.

For Vista Home Edition and Windows 7 Home Edition
Vista Home edition and Windows 7 Home edition do not have secpol.msc, thus you have to use an alternative way. You can use the LAlarm account lockout tool described in the product manual if you are using English edition of Windows. Or you can contact your network administrator for help if you have one. If you are using non-English Windows, contact LAlarm Tech Support or your administrator for a help.

For XP Home Edition
XP Home edition doesn’t have secpol.msc. Contact your network administrator for help if you have one. You’re also welcome to contact our Tech Support if you need help.

How To Verify Settings?

  1. Enable lockout and audit policy for account management
  2. Restart the computer
  3. Enter wrong password (or user name) at the logon prompt repeatedly
  4. Wait until lockout is ended.
  5. Check the security events (eventvwr.msc) to see if the lockout event is recorded. The setting is correct if there is an account lockout event recorded in the security events.

Resources

Posted in General