Account Lockout Policy Command Line

Using the Registry

To configure an individual computer to lock out a user account after three invalid remote access authentication attempts, modify the following Registry value:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\

Parameters\AccountLockout] "MaxDenials"=dword:3

Note Set this value to 0 to disable remote access account lockouts.

To configure an individual computer to lock out a user account for 30 minutes, modify the following Registry value:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\

Parameters\AccountLockout] "ResetTime (mins)"=dword:30

â– Note By default, the Registry Editor displays this value in hexadecimal format. Click the Decimal radio button to enter the value normally.

Using a Command-Line Interface

The following command configures the remote access account lockout threshold to five failed remote authentication requests:

> reg add HKLM\System\CurrentControlSet\Services\RemoteAccess\Parameters\ AccountLockout /v MaxDenials /t REG DWORD /d 5 /f

The following command configures the remote access account lockout duration to 60 minutes:

> reg add HKLM\System\CurrentControlSet\Services\RemoteAccess\Parameters\ AccountLockout /v "ResetTime (mins)" /t REG_DWORD /d 60 /f

Using VBScript

This script will configure the account lockout threshold and lockout duration for an IAS server:

' This code configures the account lockout threshold and ' lockout duration for an IAS server

Const HKEY_LOCAL_MACHINE = &H80000002 strComputer = "." strKeyPath =

"SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AccountLockout" dValueName = "MaxDenials" dValue = "3"

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _ strComputer & "\root\default:StdRegProv")

oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,dValueName,dValue dValueName = "Reset Time(mins)" dValue = 30

oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,dValueName,dValue WScript.Echo "Value set."

Was this article helpful?

0 0

Responses

  • SISKO
    Where is account lockout policy in registry server 2003?
    1 year ago

Post a comment