account lockout

Definition of account lockout in The Network Encyclopedia.

What is Account Lockout

In Microsoft Windows NT and Windows 2000, a state in which a user is prevented from logging on to the network. If account lockout restrictions are set on a network, a user who fails successively to log on will be locked out of the network after a predetermined number of attempts.

For example, if a user forgets the password and repeatedly attempts to log on, the domain controller assumes that unauthorized access is being attempted and shuts out the user by locking out his or her account.

The account can either remain locked until an administrator unlocks it, or it can be configured to unlock after a specified period of time.

Account lockout restrictions are part of the account policy that can be set for domains. Account lockout is used to prevent unauthorized access to the network by preventing distrusted users from attempting to guess a trusted user’s password.

If you set up account lockout on your network, you will probably also want to configure auditing to record failed logon attempts.

Use account lockout only for high-security networks. In a low-security environment, users can become frustrated if they lock themselves out by mistyping their password, and administrators must cope with the additional overhead and bother of unlocking these accounts.