How To Block Failed Login Attempts In Windows 7
Even if you put a password on your computer, that doesn’t stop someone from breaking in by using a brute force password guessing technique. Although more of a problem for Laptops than your home desktop, I’m going to show you a trick used by almost all corporations who run Windows. Essentially what were going to do is run a command that will lock your login account for a specified amount of time after a specified number of bad login attempts (wrong password). By doing this an attacker won’t be able to use an application to try a few million passwords per minute against your computer to break in since every 10, 20, 30 etc. attempts will lock the account for a few minutes thus killing any attempt to break in. Here, let me show ya.
Step 1 – Launch CMD as an administrator
Click the Start Menu Orb and Type cmd into the search box. Under the programs list that appears Right-Click cmd.exe and Select Run as administrator from the context menu.
Step 2
In the command line, Type in the following command:
net accounts /lockoutthreshold:10
You can replace the number 10 with any number you like, this will determine how many incorrect password attempts can occur before a lockout is initiated. Personally, 20 or even 30 should be fine but 10 is a good number for most people even if you commonly fat finger your password.
Step 3 – Set the account lockout duration
By default, when your account is locked due to the X failed attempts you set above, your account will be locked out for 30 minutes. I personally think that’s a bit excessive. My recommendation is you change it to something like 3 or 5 minutes so even if you fat finger your password, you only need to wait a few minutes to try your password again. You can change this using the following command:
net accounts /lockoutduration:30
The lockout duration can be set to any value between 1 and 99,999 minutes.* If you set it to 0, the account will be locked until an Admin unlocks it… Don’t do that.
*This range varies depending on which version of Windows 7 you are running.
Done!
Now whenever someone attempts to break into your computer by guessing your password Windows will lock them out!
3 Comments
Leave a Reply
Alex
Thanks. This is very handy. I just wonder how would you check the current status? I believe we have it set already by GPO. Thanks
Mary McDonald
I tried this on my Win7/system32 laptop and was told that ‘/’ was not a valid command, it did not recognize ‘lockoutthreshold’ and & wanted a vertical bar, not a colon after the ‘forcelogoff’ command. After several attempts it accepted part of the syntax “net accounts \ forcelogoff|10”. It did not accept “10” after the vertical bar. The message said: ’10’ is not recognized as an internal or external command, operable program or batch file. When I typed ‘net accounts’ (by itself), it gave me a listing of settings, which included ‘NEVER’ for the Lockout Threshold. Lockout duration is 30 minutes. Any suggestions?
brett
Ya, go re-install windows 7, seems like someone messed up your +COM files or your firewall / antivirus over ride your base settings. try using outpost firewall with a separate antivirus i.e. nod32 by eset