DEV Community

Arjun Das for Win11Verse

Posted on • Originally published at win11verse.com on

How to Enable/Disable Built-in Administrator Account Lockout in Windows 11?

The built-in Administrator account in Windows 11 is a powerful tool with unrestricted access to system settings and files. By default, this account is protected from lockouts, but there are scenarios where enabling or disabling the Administrator account lockout can be beneficial for security or troubleshooting purposes. This guide provides comprehensive instructions on how to enable or disable the Administrator account lockout in Windows 11 using various methods.

Why Enable or Disable Administrator Account Lockout?

Enabling the Administrator account lockout can enhance security by preventing unauthorized access after multiple failed login attempts. Disabling it, on the other hand, can be useful for administrators who need uninterrupted access to system settings without the risk of accidental lockouts.

Method 1: Using Local Security Policy

Note: The Local Security Policy is only available in Windows 11 Pro, Enterprise, and Education editions.

The Local Security Policy tool allows administrators to manage security settings for accounts, including lockout policies. Here’s how:

  • Open the Run dialog by pressing Winkey + R, type secpol.msc, and press Enter.

Open secpol.msc command in run window

  • In the Local Security Policy window, navigate to:
    • Account Policies > Account Lockout Policy

Navigate to the following directory

  • Locate the Account lockout threshold policy and double-click it.

Set invalid logon attempts to 0

  • Set the number of invalid login attempts allowed before the Administrator account is locked out, or set it to 0 to disable account lockouts entirely.
  • Click Apply and OK to save your settings.

Note: Setting the lockout threshold to 0 disables the lockout feature, while any positive value enables it and specifies the number of failed attempts allowed.

Method 2: Using Group Policy Editor

The Group Policy Editor provides another method to control the Administrator account lockout policy.

  • Open the Run dialog by pressing Winkey + R, type gpedit.msc, and hit Enter.

Run gpedit.msc

  • Navigate to the following path:
    • Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy

Navigating inside the GP Editor

  • Double-click Account lockout threshold.
  • Set the threshold to a specific number to enable lockout after that many failed attempts, or set it to 0 to disable the lockout feature.

Set invalid logon attempts to 0

  • Click Apply and OK to save changes.

This method is ideal for administrators who need to set consistent policies across multiple devices.

Method 3: Using Command Prompt

For users comfortable with command-line tools, Command Prompt provides a fast way to enable or disable the Administrator account lockout:

  • Open Command Prompt as Administrator by typing “cmd” in the search bar, right-clicking it, and selecting Run as administrator.

Open Command Prompt using Run as Administrator

  • To set a lockout threshold, enter the following command:
    • net accounts /lockoutthreshold:<number>

Setting the value to 0 in command prompt

  • Replace <number> with the desired number of failed attempts. Setting this to 0 disables the lockout feature.
  • Press Enter, and the changes will take effect immediately.

This method is quick and efficient, especially for administrators who prefer command-line controls.

Method 4: Using PowerShell

PowerShell also offers a straightforward way to manage the Administrator account lockout settings:

  • Open PowerShell as Administrator by right-clicking the Start button and selecting Windows Terminal (Admin).

Opening PowerShell as Admin Mode

  • To enable the lockout threshold, use the following command:
    • net accounts /lockoutthreshold:<number>

Setting the threshold value to 0 in powershell

  • Replace <number> with the number of failed attempts before lockout. Set it to 0 to disable lockouts.
  • Press Enter to apply the setting.

PowerShell provides a powerful way to adjust lockout settings, particularly useful for automating or scripting security configurations.
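A scripted version of the command above that also confirms the change took effect, as an added example that is not part of the original article. It assumes an elevated English or non-English Windows session with `secedit` available; the function names are hypothetical, and the read-back uses the `LockoutBadCount` value from an exported security policy rather than parsing localized `net accounts` output.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). Function names are
# hypothetical; run from an elevated PowerShell session.

function Get-LockoutThreshold {
    # Export the local security policy and read LockoutBadCount, the stored
    # form of "Account lockout threshold" (0 means lockout is disabled).
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit export failed ($LASTEXITCODE)" }
        foreach ($line in Get-Content -Path $cfg) {
            if ($line -match '^\s*LockoutBadCount\s*=\s*(\d+)') {
                return [int]$Matches[1]
            }
        }
        throw 'LockoutBadCount not found in exported policy'
    }
    finally {
        # The export contains security settings; do not leave it in TEMP.
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

function Set-LockoutThreshold {
    param(
        [Parameter(Mandatory)]
        [ValidateRange(0, 999)]   # range accepted by the policy editor
        [int]$Attempts
    )
    $before = Get-LockoutThreshold
    net accounts "/lockoutthreshold:$Attempts" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "net accounts failed ($LASTEXITCODE)" }

    # Read the value back instead of trusting the command's exit status.
    $after = Get-LockoutThreshold
    if ($after -ne $Attempts) {
        throw "Threshold is $after, expected $Attempts; another policy source may be overriding it"
    }
    [pscustomobject]@{ Before = $before; After = $after; LockoutEnabled = ($after -gt 0) }
}

# Usage: Set-LockoutThreshold -Attempts 10
```

The returned object records the previous and new threshold, which is convenient to log when the setting is rolled out across several machines.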

Method 5: Using Registry Editor

Important: Modifying the registry can be risky if not done correctly. Always back up your registry before making changes.

For users who prefer a more advanced method, the Registry Editor allows you to adjust account lockout settings manually:

  • Press Winkey + R, type regedit, and press Enter to open the Registry Editor.

Running Regedit Command in Run Window

  • Navigate to the following key:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Navigating to the following directory

  • Locate the AccountLockoutThreshold entry. If it doesn’t exist, right-click, select New > DWORD (32-bit) Value, and name it AccountLockoutThreshold.

Changing the DWORD 32 value to 1 to set lockout threshold

  • Set the value to:
    • 0 to disable lockouts.
    • Any positive number to enable lockouts after that many failed attempts.
  • Click OK and restart your computer to apply the changes.

Using the Registry Editor provides direct control over lockout policies but should only be used by users comfortable with registry modifications.

Conclusion

Controlling the Administrator account lockout settings in Windows 11 allows you to improve security or prevent lockouts depending on your needs. By following the methods above, you can easily enable or disable the lockout feature through Local Security Policy, Group Policy Editor, Command Prompt, PowerShell, or Registry Editor. Choose the method that best fits your security requirements and technical comfort level.

Queries asked by Users:

Will these changes affect all user accounts?

These settings apply specifically to the built-in Administrator account. Standard user accounts follow separate lockout policies.

Is it safe to modify the registry for account lockout settings?

Yes, but always back up the registry before making changes to prevent unintended consequences.

How can I reset a locked Administrator account?

If the Administrator account becomes locked, use another admin account to adjust the lockout settings or unlock it through Local Security Policy or Group Policy Editor.

Can I change the lockout threshold without enabling it?

No, the threshold determines the number of attempts before lockout. Setting it to 0 disables the lockout entirely.

What happens if I disable the Administrator account lockout?

Disabling the lockout prevents the Administrator account from being locked after multiple failed login attempts, allowing for uninterrupted access.
