SQL Server Account Lockout Policy

 

Account Lockout Policy is a security mechanism used by SQL Server.

For example, consider someone who is trying to log in with a user that does not belong to him.

If this mechanism is not activated, even if the wrong password is entered thousands of times, the user will not be locked.

In this way the attacker is able to enter the system without anyone knowing anything.

So after a certain number of wrong password entry attempts, it would be a solution to lock the user.

We are logging in to the Local Group Policy Editor with gpedit.msc as below.

 

And then you will see the below screen.

 

Below you will find the explanations of the policies you see on the above screen.

Account lockout duration

If the user account is locked, it shows how long it will remain locked before automatically opening the lock.

Account lockout threshold The number of incorrect password entry attempts to be allowed.
Reset account lockout

counter after

This policy specifies how long the counter holding the wrong number of password attempts will be reset.