Registry Settings to lockout too many Remote Desktop login attempts?

2

I need settings to do two things - via Registry or otherwise. (This is for a Windows 10 Pro PC, acting as my "server").

  1. Registry settings to lockout Account after specified number of login attempts via Remote Desktop, say 5.

  2. Local logon should not be locked. i.e. If you keyboard is plugged directly to the PC, you should be able to login to the account.

Last time this happened I had to resort to Linux to unlock the PC as the account remained locked.

UPDATE. the answer to part 1) I already know, because that's how i configured the PC.

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AccountLockout

joedotnot

Posted 2019-03-15T09:20:03.047

Reputation: 273

1What are you findings thus far? What research have you done? What have you tried, and where are you failing? – spikey_richie – 2019-03-15T09:34:35.933

Answers

0

You cannot specify separate lockout settings for access via RDP vs. the physical console. Account lockout settings apply to the account, not the logon method.

Perhaps a way to achieve your goal would be to have a second admin user account configured on the machine that is denied access through Remote Desktop (thus mitigating the possibility of getting locked out) and use that account to unlock the first when required.

Alternate Solution

If you have the Pro or Enterprise version of Windows, you can configure the account lockout duration such that locked out accounts are automatically unlocked after a specified amount of time:

  1. In Start search and run the Local Security Policy app.

  2. Navigate to Account Policies/Account Lockout Policy.

    enter image description here

  3. Set the Account lockout threshold setting to a non-zero value (otherwise you cannot configure the other settings in this branch).
  4. Configure the Account lockout duration setting as desired.

I say Reinstate Monica

Posted 2019-03-15T09:20:03.047

Reputation: 21 477

Both of the alternate suggestions I made require the Pro (or better) version of Windows. If you have this, edit your original question to say so, then ping me and I'll edit my answer to explain how to implement them. – I say Reinstate Monica – 2019-03-15T11:27:47.907

hey Twisty, I've accepted your answer, and can confirm now it is Win 10 Pro because i can now login (Yes, Linux to the rescue yet again). Under "Local Users and Groups\Remote Desktop Users" i have already verified i have the one Account for RDP purposes. I also have a second Admin account, but i am not sure how it got locked out, or where is the setting to lock it up after x tries. Please update your answer to explain how to do this. – joedotnot – 2019-03-16T10:00:32.513

Answer edited as requested. – I say Reinstate Monica – 2019-03-17T23:22:58.340

Asked: 2019-03-15T09:20:03.047

Viewed: 898 times

Active: 2019-03-17T23:22:44.563