Consider the following when specifying the password lockout time:
- Users sometimes make mistakes entering passwords. Do not lock users out for long periods if the MaxLogonAttempts parameter allows only one or two erroneous attempts.
- A common security threat initiates erroneous logons to deny service to legitimate users. If the lockout time is long, such a process could quickly lock out all users.
- You can specify an indefinite lockout by entering a value of -1.
- You can reset the value to zero to immediately release the lock. This action disables the password lockout time feature until the value is reset.