When attempting to connect to your Windows Server via Remote Desktop, you may encounter this security error:

`"As a security precaution, the user account has been locked out because there were too many logon attempts or password change attempts. Wait a while before trying again, or contact your system administrator or technical support."`

This occurs when Windows Server's default security policy temporarily locks accounts after multiple failed login attempts, preventing unauthorised access attempts while potentially blocking legitimate users.

# Understanding Account Lockout Policies

Windows Server implements account lockout policies as a security measure against brute-force attacks. The system tracks failed login attempts and temporarily disables accounts that exceed the configured threshold. These policies include:

* **Account lockout threshold**: Number of failed attempts before lockout

* **Account lockout duration**: How long the account remains locked

* **Reset account lockout counter after**: Time before the failed attempt counter resets

# Solution: Modify Account Lockout Settings

## Access Local Security Policy

1. Use Onidel Console feature to access to the Windows.

2. Click the **Start** button or press the Windows key

3. Type `secpol.msc` or search for **Local Security Policy**

4. Run the application as Administrator

## Navigate to Account Lockout Settings

1. In the Local Security Policy window, expand **Account Policies** in the left panel

2. Select **Account Lockout Policy**

3. You'll see three configurable settings in the right panel

## Configure the Settings

### Option 1: Disable Account Lockout (Less Secure)

* Double-click **Account lockout threshold**

* Set the value to **0** (zero)

* Click **OK** to apply

* This completely disables account lockouts, allowing unlimited login attempts

### Option 2: Adjust Lockout Parameters (Recommended)

* **Account lockout threshold**: Set to a reasonable number (e.g., 5-10 attempts)

* **Account lockout duration**: Configure in minutes (e.g., 30 minutes)

  * Set to 0 for manual unlock only by administrator

  * Set to a specific value for automatic unlock after that duration

* **Reset account lockout counter after**: Set the time window for counting attempts (e.g., 30 minutes)

## Apply Changes

After modifying the settings:

1. Click **OK** to save each setting

2. Close the Local Security Policy window

3. Changes take effect immediately - no restart required

## Security Considerations

While disabling or reducing account lockout restrictions improves accessibility, consider these security implications:

* **Disabling lockouts** (threshold = 0) removes protection against brute-force attacks

* **Short lockout durations** may not sufficiently deter automated attacks

* **High thresholds** reduce security but minimise accidental lockouts

For production servers, we recommend:

* Maintain a threshold of 5-10 attempts

* Set lockout duration to 15-30 minutes

* Use complex passwords to reduce the likelihood of successful attacks

* Consider implementing additional security layers like IP whitelisting or VPN access