HOWTO set account lockout by command line

Recently I read an article about how to harden Windows 10 accounts’ security vs brute force attacks.

One of the ‘easy’ countermeasures is to enable the account lockout.

The idea is to lock the attacked account after a number of consecutive failed login tries to increase the time-costs of the attack.

You can set it up by using Local Security Policies from your Administration Tools, but naturally, it isn’t available in Home editions.
For Home edition computers, we need the proper commands to type in Command Prompt.

After a short investigation, I found this brilliant tutorial page.

Command Lines

From an administrative Command Prompt:

  • see the current settings by the following command
net accounts
  • set the consecutive failed login threshold to trigger the lockout (0 = disabled)
net accounts /lockoutthreshold:<failed_login_max_number>
  • set the lockout reset counter window (default: 30 minutes)
net accounts /lockoutwindow:<minutes_to_reset_failed_attempts_counter>
  • set the lockout duration (default: 30 minutes)
net accounts /lockoutduration:<minutes_of duration>