Microsoft

How To Block Failed Login Attempts In Windows 7

Last Updated on

imageEven if you put a password on your computer, that doesn’t stop someone from breaking in by using a brute force password guessing technique.  Although more of a problem for Laptops than your home desktop, I’m going to show you a trick used by almost all corporations who run Windows.  Essentially what were going to do is run a command that will lock your login account for a specified amount of time after a specified number of bad login attempts (wrong password).  By doing this an attacker won’t be able to use an application to try a few million passwords per minute against your computer to break in since every 10, 20, 30 etc. attempts will lock the account for a few minutes thus killing any attempt to break in.  Here, let me show ya.

Step 1 – Launch CMD as an administrator

Click the Start Menu Orb and Type cmd into the search box.  Under the programs list that appears Right-Click cmd.exe and Select Run as administrator from the context menu.

run cmd as administrator

Step 2

In the command line, Type in the following command:

net accounts /lockoutthreshold:10

set lock out threshold in windows 7

You can replace the number 10 with any number you like, this will determine how many incorrect password attempts can occur before a lockout is initiated.  Personally, 20 or even 30 should be fine but 10 is a good number for most people even if you commonly fat finger your password.

Step 3 – Set the account lockout duration

By default, when your account is locked due to the X failed attempts you set above, your account will be locked out for 30 minutes.   I personally think that’s a bit excessive.  My recommendation is you change it to something like 3 or 5 minutes so even if you fat finger your password, you only need to wait a few minutes to try your password again.  You can change this using the following command:

net accounts /lockoutduration:30

The lockout duration can be set to any value between 1 and 99,999 minutes.*  If you set it to 0, the account will be locked until an Admin unlocks it… Don’t do that.

*This range varies depending on which version of Windows 7 you are running.

set lockout duration in windows 7

Done!

Now whenever someone attempts to break into your computer by guessing your password Windows will lock them out!

3 Comments

3 Comments

  1. Alex

    Thanks. This is very handy. I just wonder how would you check the current status? I believe we have it set already by GPO. Thanks

    Reply

  2. Mary McDonald

    I tried this on my Win7/system32 laptop and was told that ‘/’ was not a valid command, it did not recognize ‘lockoutthreshold’ and & wanted a vertical bar, not a colon after the ‘forcelogoff’ command. After several attempts it accepted part of the syntax “net accounts \ forcelogoff|10”. It did not accept “10” after the vertical bar. The message said: ’10’ is not recognized as an internal or external command, operable program or batch file. When I typed ‘net accounts’ (by itself), it gave me a listing of settings, which included ‘NEVER’ for the Lockout Threshold. Lockout duration is 30 minutes. Any suggestions?

    Reply

  3. brett

    Ya, go re-install windows 7, seems like someone messed up your +COM files or your firewall / antivirus over ride your base settings. try using outpost firewall with a separate antivirus i.e. nod32 by eset

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

 

Related Items:, ,
To Top