You can configure Full Disk Encryption to lock user accounts after a specified number of unsuccessful Pre-boot login attempts:
Select one of these Actions to define if and when user accounts are locked:
Action |
Description |
---|---|
Do not lock out users upon failed authentication. |
Users are not locked out of their accounts if they try to log on unsuccessfully. This setting is not recommended. |
Temporarily lock user account upon failed authentication attempts |
After a configured amount of failed log on attempts (the default is 5), the user's account is temporarily locked. |
Permanently lock user account upon failed authentication attempts |
After a configured amount of failed log on attempts (the default is 10), the user's account is permanently locked. |
Right-click an Action to edit the properties. You can also create custom Account Lock actions.
To configure an Account Lock Action:
Option |
Description |
Number of failed logons before the account is locked |
Maximum number of failed logon attempts allowed before an account is permanently locked. The account is locked until an administrator unlocks it. |
Number of failed attempts before a temporary lockout |
Maximum number of failed logon attempts before an account is temporarily locked out. |
Duration of a temporary lockout |
Duration of a temporary lockout period, in minutes. |
Maximum number of successful logons allowed before the account is locked |
Maximum number of successful logins before an account is permanently locked. You can use this option to let a temporary user log in for a specified number of logins. To unlock an account, you must increase the value or clear this option. Remote Help is not available for this type of account lockout. |