Print Download PDF Send Feedback

Previous

Next

Account Lock

You can configure Full Disk Encryption to lock user accounts after a specified number of unsuccessful Pre-boot login attempts:

Select one of these Actions to define if and when user accounts are locked:

Action

Description

Do not lock out users upon failed authentication.

Users are not locked out of their accounts if they try to log on unsuccessfully. This setting is not recommended.

Temporarily lock user account upon failed authentication attempts

After a configured amount of failed log on attempts (the default is 5), the user's account is temporarily locked.

Permanently lock user account upon failed authentication attempts

After a configured amount of failed log on attempts (the default is 10), the user's account is permanently locked.

Right-click an Action to edit the properties. You can also create custom Account Lock actions.

To configure an Account Lock Action:

  1. Right-click the existing Action and select Edit Properties or select Create Custom to define a new Action.
  2. Configure the settings as necessary:

    Option

    Description

    Number of failed logons before the account is locked

    Maximum number of failed logon attempts allowed before an account is permanently locked. The account is locked until an administrator unlocks it.

    Number of failed attempts before a temporary lockout

    Maximum number of failed logon attempts before an account is temporarily locked out.

    Duration of a temporary lockout

    Duration of a temporary lockout period, in minutes.

    Maximum number of successful logons allowed before the account is locked

    Maximum number of successful logins before an account is permanently locked. You can use this option to let a temporary user log in for a specified number of logins.

    To unlock an account, you must increase the value or clear this option. Remote Help is not available for this type of account lockout.