• @dogslayeggs
    link
    English
    13 months ago

    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold

    Right there, in plain English directly from Microsoft:

    "Failed password attempts on workstations or member servers that have been locked by using either Ctrl + Alt + Delete or password-protected screen savers count as failed sign-in attempts.

    The security setting allows you to set a threshold for the number of failed sign-in attempts that causes the device to be locked by using BitLocker. This threshold means, if the specified maximum number of failed sign-in attempts is exceeded, the device will invalidate the Trusted Platform Module (TPM) protector and any other protector except the 48-digit recovery password, and then reboot. "

    • @IHawkMike
      link
      English
      03 months ago

      Look man, this is just exhausting. I’m well aware of that security policy. I have enabled it at some of my clients. But it’s not a default setting and would never be on a random non-enterprise PC. This is what I mean when I say the only people who are getting locked out this way were screwing with their computers in ways they don’t understand, installing random garbage and following bad advice on the internet.

      From your link:

      If you set the value to 0, or leave blank, the computer or device will never be locked as a result of this policy setting.