@REM ################################################################################### @REM # This script contains 3 parameters related to account lockout # @REM # 1. LockoutThreshold - [1 - 999] (Number of failed attempts before lockout) # @REM # 2. LockoutDuration - [99999 Minutes] (Time in minutes an account is locked) # @REM # 3. LockoutWindow - [99999 Minutes] (Time in minutes to observe failed attempts) # @REM # # @REM # Notes: # @REM # 1. If you don't want to modify a specific parameter, use -1. # @REM # 2. Need to run with admin privileges # @REM # # @REM # Example: # @REM # AccountPolicies.bat 8 15 15 # @REM # AccountPolicies.bat 8 -1 15 # @REM # AccountPolicies.bat -1 -1 -1 # @REM # # @REM # GPO Article: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-lockout-policy # @REM ################################################################################### @echo off SET /A LockoutThreshold = %1 SET /A LockoutDuration = %2 SET /A LockoutWindow = %3 echo ========================================================== @REM Set Lockout Threshold if not -1 IF NOT "%LockoutThreshold%" == "-1" ( net accounts /lockoutthreshold:%LockoutThreshold% ) @REM Set Lockout Duration if not -1 IF NOT "%LockoutDuration%" == "-1" ( net accounts /lockoutduration:%LockoutDuration% ) @REM Set Lockout Window if not -1 IF NOT "%LockoutWindow%" == "-1" ( net accounts /lockoutwindow:%LockoutWindow% ) echo ========================================================== echo Account Lockout Policies have been successfully updated. echo ==========================================================