Friday, March 12, 2010

Making windows login secure: Account lockout policies

March 17, 2009 · Article by Sriraj

We have seen previously how to secure your shared computer by saving your login data onto a floppy. That method should only be used if all other securing methods fail, as you cannot log in if you lose your floppy somewhere :D.

If you are using a shared computer in your home or office, or you are the administrator of a set of computers, you must be cautious about who is logging onto the systems. There is a good chance that unauthorized persons are trying to log in to other accounts, for obvious reasons. If you have a strong password, it will be difficult for the intruder to guess it. But who knows, he may somehow get to your password after a few login attempts.

These attempts need not be made by a person. If you use a system connected to the Internet, any robot built for the purpose can make them.

So how do you protect your login and make it secure?

You can control the number of login attempts a person can make before he actually logs into his Windows account. If he fails to log in within that number, you can disable the login for some time, or you can disable it permanently.

Sometimes the actual user of the system may make a simple typo and go past the set login limit, or he may have forgotten the password. So you must be careful in setting the limits.

To set such limits, go to Start -> Control Panel -> Administrative Tools (which may be in Performance and Maintenance) and finally click on Local Security Policy.

There you see three settings:

Account lockout duration, which determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator explicitly unlocks it.

Account lockout threshold, which determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon attempts. If you set the value to 0, the account will never be locked out.

Reset account lockout counter after, which determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes. If an account lockout threshold is defined, this reset time must be less than or equal to the Account lockout duration.

So keeping in mind the legitimate users, you can set the values for each of the above.

A good value for Account lockout threshold could be 5, and 50-60 minutes would be sufficient for the Reset account lockout counter after value to exhaust an online robot's attempts.
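To see how the three settings interact, here is a small Python model of the lockout counter. It is an added example, not part of the original article and not Windows code. The `LockoutPolicy` class, the `evaluated_guesses` function, the 60-minute lockout duration and the one-guess-per-minute robot are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    threshold: int        # failed logons before lockout; 0 = never lock out
    duration_min: int     # minutes locked; 0 = until an administrator unlocks
    reset_after_min: int  # minutes after a failure before the counter resets

    def problems(self):
        """Return violations of the ranges and the rule described above."""
        out = []
        if not 0 <= self.threshold <= 999:
            out.append("threshold must be 0-999")
        if not 0 <= self.duration_min <= 99999:
            out.append("duration must be 0-99999 minutes")
        if not 1 <= self.reset_after_min <= 99999:
            out.append("reset counter must be 1-99999 minutes")
        # Assumption: duration 0 (manual unlock) is exempt from this comparison.
        if self.threshold and 0 < self.duration_min < self.reset_after_min:
            out.append("reset counter must be <= lockout duration")
        return out

def evaluated_guesses(policy, minutes=24 * 60):
    """Count bad passwords actually checked when one is tried every minute."""
    failures, last_failure, locked_at, checked = 0, None, None, 0
    for now in range(minutes):
        if locked_at is not None:
            manual = policy.duration_min == 0
            if manual or now - locked_at < policy.duration_min:
                continue                      # still locked: attempt rejected
            locked_at, failures = None, 0     # lockout expired
        if last_failure is not None and now - last_failure >= policy.reset_after_min:
            failures = 0                      # quiet period elapsed
        failures += 1
        checked += 1
        last_failure = now
        if policy.threshold and failures >= policy.threshold:
            locked_at = now
    return checked

if __name__ == "__main__":
    for name, p in [("no lockout", LockoutPolicy(0, 60, 60)),
                    ("threshold 5, 60 min", LockoutPolicy(5, 60, 60)),
                    ("manual unlock", LockoutPolicy(5, 0, 60))]:
        print(f"{name:20} problems={p.problems()} guesses/day={evaluated_guesses(p)}")
```

In this model a threshold of 5 with 60-minute duration and reset values cuts a robot trying one password per minute from 1440 checked guesses a day to 115, and a duration of 0 stops it after 5.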
