Lockout Duration
The lockout duration specifies how long an account that has been locked after
too many incorrect logon attempts remains locked before it is automatically
unlocked. A locked account cannot log on.
The recommended value is 30 minutes. Small values make it easy for attackers
to run brute-force attacks to crack account security, while large values (or a
setting that locks accounts forever) allow an attacker to mount a
denial-of-service attack that prevents legitimate users from gaining access.
To specify a lockout duration in Windows NT User Manager, open the Account
Policy dialog, click Duration, and type a number of minutes. The range is 1 to
99999.