In the previous installment of this article, you learned how to configure a Password Policy in Windows XP through the Local Security Policy. In this installment, you learn how to configure an Account Lockout Policy.

As with implementing a Password Policy, another way in which you can secure your computer is to enable an Account Lockout Policy. This eliminates the ability for someone to sit down at your computer and continuously attempt to guess your user name and password. The Account Lockout Policy settings in Windows XP include the following:

  • Account lockout duration – This specifies how long (in minutes) an account remains locked out. If no value is set, an account must be unlocked by an administrator.
  • Account lockout threshold – This specifies the number of failed log on attempts that are allowed before the account is locked out.
  • Reset account lockout counter after – This specifies the length of time a user must wait until the Account lockout threshold is reset.

An account lockout policy will do just that, lockout an account after a certain number of failed logon attempts. So if a user is trying to guess your password, the user account will be locked out for a certain amount of time after they have reached the number of allowed failed logon attempts (configured the administrator). You can enable an account lockout policy using the following steps:

  1. Open the local security policy (Control Panel | Administrative Tools | Local Security Policy).
  2. Expand Computer Configuration | Windows Settings | Account Policies.
  3. Click Account Lockout Policy.
  4. In the details pane, double click Account lockout threshold.
  5. Increase the value to the number of failed logon attempts you want to allow.
  6. Click OK.
  7. The Suggested Value Changes dialog box will appear. Click OK to accept the default values.

[tags]xp,certification,70-270,account policies,local security policy[/tags]