How to change the account lockout threshold

23

The procedure for changing the account lockout threshold is as follows:
1. Log in to the AD server.
2. Choose Start > Administrative Tools > Group Policy Management.
3. In the navigation tree of the Group Policy Management window, choose Group Policy Management > Forest: Domain name > Domains > Infrastructure domain name > Group Policy Objects.
4. Right-click Default Domain Policy and choose Edit.
5. In the navigation tree of the Group Policy Management Editor window, choose Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Account Lockout Policy.
6. In the policy list displayed in the right pane, right-click Account lockout threshold and choose Properties.
7. In the Account lockout threshold Properties window, set a value for invalid login attempts. The recommended value is 5.
8. Click OK.
9. Click OK in the dialog box.
----End

Other related questions:
Method used to change the maximum number of allowed login failures for the USG2000&5000 series
—For a VTY or console administrator, the maximum number of allowed authentication failures can be set in the lock authentication-count command. The default value is 3. # Set the threshold for authentication attempts to 5 on the console port. system-view [sysname] user-interface console 0 [sysname-ui-console0] lock authentication-count 5 —For users who log in through Telnet, SSH, web UI, FTP, SFTP, or SNMP, run the firewall blacklist authentication-count login-failed command to set the threshold for authentication attempts. By default, the value is 3 for Telnet, SSH, web, FTP, and SFTP users or 6 for SNMP users. # Set the threshold for authentication attempts to 5 for administrators who log in through the web UI. system-view [sysname] firewall blacklist authentication-count login-failed 5 If the number of consecutive wrong passwords exceeds the specified threshold, the client IP address is blacklisted to prevent more login attempts. By default, the blacklist entry will be time out in 10 minutes. That is, the user can try to log in again using the same IP address 10 minutes later.

Method used to change the maximum number of allowed login failures for the USG6000 series
—For a VTY or console administrator, the maximum number of allowed authentication failures can be set in the lock authentication-count command. The default value is 3. # Set the threshold for authentication attempts to 5 on the console port. system-view [sysname] user-interface console 0 [sysname-ui-console0] lock authentication-count 5 —For users who log in through Telnet, SSH, web UI, FTP, SFTP, or SNMP, run the firewall blacklist authentication-count login-failed command to set the threshold for authentication attempts. By default, the value is 3 for Telnet, SSH, web, FTP, and SFTP users or 6 for SNMP users. # Set the threshold for authentication attempts to 5 for administrators who log in through the web UI. system-view [sysname] firewall blacklist authentication-count login-failed 5 If the number of consecutive wrong passwords exceeds the specified threshold, the client IP address is blacklisted to prevent more login attempts. By default, the blacklist entry will be time out in 10 minutes. That is, the user can try to log in again using the same IP address 10 minutes later.

How do I change the password of an SC user?
To change the password of an SC user, run the account command and then the password command in the user view, and enter the old and new passwords as prompted.

How to change the password of a user account on the U1900?
1. Log in to the U1900 web UI. On the user management page, select a user and click the edit icon in the Operation column on the right side. On the page that is displayed, change the password. 2. Log in to the CLI of the U1900 and run the config modify subscriber dn 1000 password XXXXXX command to change the user password.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top