Accounts Unlock Locked Out Account in Windows 11


  • Staff
Account_lockout_banner.png

This tutorial will show you how to unlock a locked out local account in Windows 10 and Windows 11.

Someone who attempts to use more than a few unsuccessful passwords while trying to log on to your system might be a malicious user who is attempting to determine an account password by trial and error. Windows domain controllers keep track of logon attempts, and domain controllers can be configured to respond to this type of potential attack by disabling the account for a preset period of time. Account Lockout Policy settings control the threshold for this response and the actions to be taken after the threshold is reached.

The Account lockout threshold policy setting determines the number of failed sign-in attempts that will cause a user account to be locked. A locked account cannot be used until you reset it or until the number of minutes specified by the Account lockout duration policy setting expires. You can set a value from 1 through 999 failed sign-in attempts, or you can specify that the account will never be locked by setting the value to 0. If Account lockout threshold is set to a number greater than zero, Account lockout duration must be greater than or equal to the value of Reset account lockout counter after.

The Account lockout duration policy setting determines the number of minutes that a locked-out account remains locked out before automatically becoming unlocked. An administrator can also manually unlock a locked-out account.

The Reset account lockout counter after policy setting determines the number of minutes that must elapse from the time a user fails to log on before the failed logon attempt counter is reset to 0.

The Allow Administrator account lockout policy determines whether the built-in Administrator account is subject to account lockout policy.

Brute force password attacks can be automated to try thousands or even millions of password combinations for any or all user accounts. Limiting the number of failed sign-ins that can be performed nearly eliminates the effectiveness of such attacks. However, it is important to note that a denial-of-service (DoS) attack could be performed on a domain that has an account lockout threshold configured. A malicious user could programmatically attempt a series of password attacks against all users in the organization. If the number of attempts is greater than the value of Account lockout threshold, the attacker could potentially lock every account.

See also:

Starting with Windows 11 build 22528 and higher, the Account lockout threshold policy is now set to 10 failed sign-in attempts by default. The Account lockout duration is now set to 10 minutes by default. The Allow Administrator account lockout is now enabled by default. The Reset account lockout counter after is now set to 10 minutes by default.


You must be signed in as an administrator to unlock a locked out account.

If you do not have an administrator account available to unlock a local account, then you could enable the built-in Administrator account to sign in and use to unlock an account instead.


This does not apply to a Microsoft account.



Contents

  • Option One: Unlock Locked Out Account in Local Users and Groups
  • Option Two: Unlock Locked Out Account in Windows Terminal


EXAMPLE: Locked out account

This can also be for This sign-in option is disabled because of failed sign-in attempts or repeated shutdowns. Use a different sign-in option, or keep you device powered on for at least 2 hours and the try again.


locked_out_account.jpg





Option One

Unlock Locked Out Account in Local Users and Groups


Local Users and Groups is only available in the Windows 10/11 Pro, Enterprise, and Education editions.

All editions can use Option Two to set the same policy.


1 Open Local Users and Groups (lusrmgr.msc).

2 Click/tap on the Users folder in the left pane to open it, and double click/tap on the account Name (ex: "Brink2") in the middle pane you want to unlock. (see screenshot below)

unlock_account-1.png

3 In the General tab, uncheck Account is locked out, and click/tap on OK. (see screenshot below)

If Account is locked out is grayed out and unchecked, then the account is not currently locked out.


unlock_account-2.png

4 You can now close Local Users and Groups if you like.




Option Two

Unlock Locked Out Account in Windows Terminal


1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.

2 Type the command below into Windows Terminal (Admin), and press Enter. (see screenshot below)

net user "<username>" /active:yes

substitute <username> in the command above with the actual local account name (ex: "Brink2") you want to unlock.

For example: net user "Brink2" /active:yes


3 You can now close Windows Terminal (Admin) if you like.

unlock_account-command.png



That's it,
Shawn Brink


 
Last edited:
1680478564261.png


Except, it is.

1680478698095.png


I tried running the command in elevated prompt and it said success, but it did nothing.
 

My Computer

System One

  • OS
    Windows 11 [22H2] [22621.2428]
    Computer type
    PC/Desktop
    Manufacturer/Model
    Culture-Virus v4.0
    CPU
    i7-11700k
    Motherboard
    ASUS ROG Strix Z590
    Memory
    32GB Crucial Ballistix 3600MHz @ 4227MHz 16-18-38 2T
    Graphics Card(s)
    AMD Radeon RX 6900 XT
    Monitor(s) Displays
    AOC CQ27G2U/BK
    Screen Resolution
    2560x1440
    Hard Drives
    M.2 1: Samsung SSD 990 PRO 2TB
    M.2 2: Samsung SSD 970 EVO Plus 2TB
    PSU
    Corsair RM1000X SHIFT
    Case
    Fractal Design 7 XL
    Cooling
    Custom Water
    Keyboard
    Corsair K70 RGB TKL CHAMPION SERIES
    Mouse
    ROCCAT LEADR Optical
    Browser
    Chrome

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
Back
Top Bottom