Account Lock

You can configure Full Disk EncryptionClosed A component on Endpoint Security Windows clients. This component combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops. Acronym: FDE. to lock user accounts after a specified number of unsuccessful Pre-bootClosed Authentication before the Operating System loads. login attempts:

  • Temporarily - If an account is locked temporarily, users can try to log on again after a specified time.

  • Permanently - If the account is locked permanently, it stays locked until an administrator unlocks it.

Select one of these Actions to define if and when user accounts are locked:

Action

Description

Do not lock out users upon failed authentication.

Users are not locked out of their accounts if they try to log on unsuccessfully. This setting is not recommended.

Temporarily lock user account upon failed authentication attempts

After a configured amount of failed log on attempts (the default is 5), the user's account is temporarily locked.

Permanently lock user account upon failed authentication attempts

After a configured amount of failed log on attempts (the default is 10), the user's account is permanently locked.

Right-click an Action to edit the properties. You can also create custom Account Lock actions.

To configure an Account Lock Action:

  1. Right-click the existing Action and select Edit Properties or select Create Custom to define a new Action.

  2. Configure the settings as necessary:

    Option

    Description

    Number of failed logons before the account is locked

    Maximum number of failed logon attempts allowed before an account is permanently locked. The account is locked until an administrator unlocks it.

    Number of failed attempts before a temporary lockout

    Maximum number of failed logon attempts before an account is temporarily locked out.

    Duration of a temporary lockout

    Duration of a temporary lockout period, in minutes.

    Maximum number of successful logons allowed before the account is locked

    Maximum number of successful logins before an account is permanently locked. You can use this option to let a temporary user log in for a specified number of logins.

    To unlock an account, you must increase the value or clear this option. Remote HelpClosed Users can be denied access to their Full Disk Encryption-protected computers or Media Encryption & Port Protection-protected devices for many different reasons. Remote Help can help users in these types of situations. The user contacts the Help Desk or specified administrator and follows the recovery procedure. is not available for this type of account lockout.