Account Lockout – Best Practices  

Most organizations are migrating from the classic Windows XP operating system to Windows 7. This upgrade gives administrators granular configuration settings in Group Policy, and as always it is very important for administrators to configure the Account Lockout policies for their existing desktops across the globe. Most administrators require users to log a ticket with the Helpdesk when their account gets locked out. This varies between organizations: a financial organization would treat the account lockout policy as a most critical aspect because it deals with assets and transactions, whereas a mid-size software organization would not give the account lockout policy as much priority.

Some best practices drawn from practical real-world implementations follow; these may again differ between scenarios. An administrator can set 3 major policies for Account Lockout:

a)     Account Lockout Duration

b)     Account Lockout Threshold

c)      Reset Account Lockout Counter After


The help text provided for these policies ranges from simple to complex. If we do not understand these policies, users might have their accounts locked out after the first incorrect attempt. To avoid the confusion and complexity, let us understand them in layman's terms.

Account Lockout Duration: The time that users must “wait” before re-entering their password. By default it is set to 30 minutes.

Account Lockout Threshold: The number of times a user can enter the “wrong” password before the system locks the user out. By default it is set to 0 attempts.

Reset Account Lockout Counter After: This one is tricky. It is the window of time in which wrong password attempts are counted against the Lockout Threshold. If this counter is set to 30 minutes and the threshold is 3 password attempts, then the user can enter an incorrect password 3 times within 30 minutes. By default this is set to 30 minutes.


Some Examples:


Scenario 1:

Account Lockout Duration                   = 60 minutes

Account Lockout Threshold                 = 3

Reset Account Lockout Counter After = 30 minutes 

In this scenario, a locked-out user must wait 60 minutes before getting another chance to enter the password (3 attempts), and the 3 attempts are counted within a 30-minute window.



Scenario 2:

Account Lockout Duration                   = 15 minutes

Account Lockout Threshold                 =  3

Reset Account Lockout Counter After = 10 minutes 

In this scenario, a locked-out user must wait 15 minutes before getting another chance to enter the password (3 attempts), and the 3 attempts are counted within a 10-minute window.


Note: Make sure you never set Account Lockout Threshold to zero, because a threshold of 0 means accounts are never locked out.
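The three settings working together, as an added example that is not part of the original post: a simplified Python model that replays constructed logon timelines against Scenario 1, Scenario 2 and a threshold of 0. The names `LockoutPolicy` and `simulate` are hypothetical, and the exact boundary behaviour is an assumption of the model, not Windows' own logic.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    duration_min: int     # Account Lockout Duration
    threshold: int        # Account Lockout Threshold (0 = never lock out)
    reset_after_min: int  # Reset Account Lockout Counter After

def simulate(policy, events):
    """Simplified model (an assumption, not Windows' code). events: (minute, password_ok).
    Returns per event: 'ok', 'bad', 'locked' (this failure locked the account) or 'refused'."""
    bad_count, last_bad, locked_at = 0, None, None
    outcomes = []
    for minute, password_ok in events:
        # The lockout expires once the lockout duration has elapsed
        if locked_at is not None and minute - locked_at >= policy.duration_min:
            locked_at, bad_count = None, 0
        if locked_at is not None:
            outcomes.append("refused")  # even the correct password is rejected
            continue
        if password_ok:
            bad_count = 0
            outcomes.append("ok")
            continue
        # The counter resets when enough time has passed since the last failure
        if last_bad is not None and minute - last_bad >= policy.reset_after_min:
            bad_count = 0
        bad_count += 1
        last_bad = minute
        if policy.threshold and bad_count >= policy.threshold:
            locked_at = minute
            outcomes.append("locked")
        else:
            outcomes.append("bad")
    return outcomes

SCENARIO_1 = LockoutPolicy(duration_min=60, threshold=3, reset_after_min=30)
SCENARIO_2 = LockoutPolicy(duration_min=15, threshold=3, reset_after_min=10)
NO_LOCKOUT = LockoutPolicy(duration_min=60, threshold=0, reset_after_min=30)

# Constructed timeline: three failures in 10 minutes, correct password at 30 and 75
BURST = [(0, False), (5, False), (10, False), (30, True), (75, True)]
# Constructed timeline: occasional typos spaced wider than either reset window
SLOW = [(0, False), (40, False), (80, False), (81, True)]

if __name__ == "__main__":
    for name, pol in [("scenario 1", SCENARIO_1), ("scenario 2", SCENARIO_2),
                      ("threshold 0", NO_LOCKOUT)]:
        print(name, simulate(pol, BURST), simulate(pol, SLOW))
```

With the same burst of failures, the correct password at minute 30 is refused under Scenario 1 but accepted under Scenario 2, because the 15-minute lockout has already expired.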



Blue Screen – ACPI.sys

Installing Windows Server 2008 R2 on an AMD chipset has compatibility issues, which result in a Blue Screen of Death with different drivers, and I have seen the ACPI.sys file causing an exception every time the server gets restarted.

Resolution:

Replaced the AMD chipset with Intel and the issue got resolved.


Memory Management – Part 1

Programs cannot access physical memory directly; they have to access memory using one of the techniques below. Most importantly, all of the memory models below have Code, Data and Stack segments. The linear address space is a virtual address space that is mapped to physical addresses.

a) Flat Memory Model  

b) Segmented Memory Model  

c) Real-Address Mode Memory Model


Some interesting facts:

- IA-32 and IA-64 processors use either the Flat Memory Model or the Segmented Memory Model.

- Real-Address Mode uses segmented memory in 64 KB blocks.

- During conversion of a linear address to a physical address, the addresses are sent out on the processor address bus.

Wait for more 🙂