Account disabled after one failed logon

Todd Chester 646 Reputation points
2024-04-20T02:00:39.0866667+00:00

Hi All,

W10-pro 22H2

I have a customer with two machines. Both have the same issue If you goof the first attempt to logon, your account gets locked out for five minutes.

Password and attempts is set as follows: 

--> <win><r> secpol.msc 
--> Security Settings (very top of the left pane)
--> Account Policies (left pane)
--> Account Lockout Policy (left pane)

--> Adjust the following (you have to set the threshold first): 
     x Account lockout threshold (middle one) (10)
     x Account lockout duration (5) 
     x Reset account lockout counter after (5)

LocalSecurityPolicy The normal way to unlock an account before the wait period expires is 

--> logon as Administrator
--> <win><R> lusrmgr.msc
--> users
--> select user
--> uncheck "Account is disabled"

Problem: the account is not disabled (lusrmgr.msc):

lusrmgr.msc

<editorial comment> AAAAAAHHHHHH!!!!!!</editorial comment>

Any Words of Wisdom?

-T

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,653 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Todd Chester 646 Reputation points
    2024-04-23T09:03:49.58+00:00

    Figured it out. Everything was working as it was suppose to.

    The reason why the account kept getting locked out was due to a "Brute Force RDP attack". The attacker kept running up the failed log in attempts in rapid succession.

    Fortunately, the security provisions I had put in place held. Now that I know what was causing the issue, I blocked the attackers multiple IP addresses at the network firewall.

    0 comments