From 716e60069ef5c832c08ac97564b14dab632e56f9 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 30 Mar 2018 15:26:13 -0700 Subject: [PATCH] added threshold info --- .../security-policy-settings/account-lockout-duration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md index 1adc579110..504909f266 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md @@ -29,7 +29,7 @@ This policy setting is dependent on the **Account lockout threshold** policy set If [Account lockout threshold](account-lockout-threshold.md) is configured, after the specified number of failed attempts, the account will be locked out. If th **Account lockout duration** is set to 0, the account will remain locked until an administrator unlocks it manually. -It is advisable to set **Account lockout duration** to approximately 30 minutes. To specify that the account will never be locked out, set the value to 0. To configure the value for this policy setting so that it never automatically unlocks the account might seem like a good idea; however, doing so can increase the number of requests that your organization’s Help Desk receives to unlock accounts that were locked by mistake. +It is advisable to set **Account lockout duration** to approximately 15 minutes. To specify that the account will never be locked out, set the Account lockout threshold value to 0. ### Location