Password Lockout GPO

Posted on 2011-05-12
Last Modified: 2012-05-11
Can someone explain to me in lamons terms the difference between "Account Lockout Duration" and "Reset Account Lockout Counter After" in Windows 2008 GPO. I've listed a screenshot. To me, it sounds like the are doing the same thing.....please help me understand.
Question by:wantabe2
    LVL 70

    Accepted Solution

    Lockout duration is how long it gets locked out for

    reset counter after is the period during the invalid attempts are logged

    For Example

    If the invalid attempts is set to 3
    and Reset counter after is set to 30min

    You can ty two invalid passwords , then in 30 mins time try another twice, and so on
    unless you make three invalid attempts within 30mins your account will not be locked
    LVL 57

    Assisted Solution

    by:Mike Kline
    So the Account Lockout Duration is how long before the account is unlocked,  so say it is 60 minutes like you see it there.  If I lock my account out then come back from lunch then my account is no longer locked

    Reset Account Lockout Counter is the actual time until the counter for invalid attempts is set back to 0

    So say my password is Password

    then I enter


    So at this point the counter is set to have a threshold of 10 there

    I go to lunch and come back in an hour now my counter is back to 0 because of the 30 minute setting


    LVL 8

    Expert Comment

    Account lockout duration is the amount of time the account remains locked out.
    Reset account lockout counter is the amount of time it stores a bad login attempt in memory.

    So you have account lockout threashold to 10 those ten failed attempts have to occur in a 30 minute period if the first occured at 12:30p it will no long count as a bad login attempt after 1:01p

    LVL 8

    Expert Comment

    Duration is how long it is locked out.

    Reset is how long will your invalid attempt count. Like lets say I tried 9 times and worried that I might get locked out. I can come back in 31 minutes and then I can try 9 more times.
    LVL 5

    Expert Comment

    Account Lockout Duration is the time the account will be locked out for once the account gets locked out.  Reset Account Lockout Counter after is a the length of time until the lockout counter gets reset.  So if a person sets it to 30 minutes and a person logs in 3 out of the 10 times the wrong way they have another 30 minutes until that counter gets reset.  If they log in 7 more times incorrectly within the 30 minutes then their account will get locked out but if they fail 7 times after 30 minutes of the initial 3 incorrect logins then they would still have 3 more attempts.

    Featured Post

    Live: Real-Time Solutions, Start Here

    Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

    Join & Write a Comment

    I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
    Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
    To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now