Fixing The Referenced Account is Currently Locked Out Error in Windows 10


The error message “The referenced account is currently locked out and may not be logged on to” in Windows 10 typically occurs when an account has been locked due to multiple failed login attempts. It also often appears after enabling Remote Desktop (RDP) access. The lockout is a security feature designed to prevent unauthorized access.

Understanding the Error

The error “The referenced account is currently locked out and may not be logged on to” is a security feature in Windows 10. It occurs after multiple failed login attempts, locking the account to prevent unauthorized access. To resolve this issue, you can follow these steps:

Step-by-Step Solution

1. πŸ›‘οΈ Disconnect the Ethernet cable or Wi-Fi connection: This will allow to expire the block duration, then you can log in.

2. πŸ›‘οΈ Wait for the Lockout Duration to Expire: Windows locks the account for a default period (usually 30 minutes) after unsuccessful login attempts. You can simply wait for this duration to end and then try logging in again.

3. πŸ›‘οΈ Log In Using Another Administrative Account: If you have another account with administrative rights on the same computer, use it to log in.

4. πŸ›‘οΈ Modify Account Lockout Policy using secpol.msc: You can change the account lockout settings by accessing the Local Security Policy editor:

Press Win + R to open the Run dialog.
Type secpol.msc and press Enter.
Navigate to Security Settings > Account Policies > Account Lockout Policy.

Enabling Remote Desktop and Its Risks

When you enable Remote Desktop on Windows 10, it allows users to remotely access their computer’s desktop interface. However, this convenience also opens up potential security vulnerabilities, particularly related to account lockouts due to unauthorized access attempts.

How Enabling Remote Desktop Access Can Lead to Account Lockouts

πŸ±β€πŸ’» Vulnerability to Brute Force Attacks: Brute force attacks are a common method used by hackers. In this scenario, attackers use automated tools to repeatedly guess usernames and passwords until they successfully gain access. Windows 10’s security mechanism locks the account after multiple failed attempts, which is often triggered by such brute force attacks.
πŸ±β€πŸ’» Increased Exposure to External Attacks: Remote Desktop Protocol (RDP) ports, when exposed to the internet, can be easily discovered by hackers. They use automated scripts to scan a range of IP addresses to find open RDP ports and then attempt to log in.
πŸ±β€πŸ’» Risks from Default or Weak Credentials: Accounts with default usernames (like ‘admin’ or ‘user’) or weak passwords are especially vulnerable to being locked out due to hackers’ repeated login attempts.

Adjusting Lockout Policies

🔓 Account Lockout Duration: Set the time for how long the account stays locked.
🔓 Account Lockout Threshold: Determine the number of failed login attempts before the account is locked.
🔓 Reset Account Lockout Counter After: Specify the time after which the failed login attempt counter is reset.
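
The same three settings can be read and changed from an elevated PowerShell prompt with the built-in secedit and net accounts tools. This is an added example, not part of the original article; the function names and the values in the final comment are illustrative assumptions.

```powershell
# Added example: read and set the three lockout settings without the secpol.msc GUI.
# Assumption: elevated session; function names are hypothetical helpers.
function Get-LockoutPolicy {
    $cfg = Join-Path $env:TEMP 'lockout-policy.inf'   # temporary export file
    secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null

    $policy = @{}
    # The export contains lines such as "LockoutBadCount = 5" under [System Access]
    foreach ($line in Get-Content $cfg) {
        if ($line -match '^(LockoutBadCount|LockoutDuration|ResetLockoutCount)\s*=\s*(-?\d+)') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }
    Remove-Item $cfg -ErrorAction SilentlyContinue

    # A threshold of 0 means lockout is disabled; the two timers may then be
    # missing from the export and are returned as $null.
    [pscustomobject]@{
        Threshold         = $policy['LockoutBadCount']
        DurationMinutes   = $policy['LockoutDuration']
        ResetAfterMinutes = $policy['ResetLockoutCount']
    }
}

function Set-LockoutPolicy {
    param(
        [Parameter(Mandatory)][int]$Threshold,
        [Parameter(Mandatory)][int]$DurationMinutes,
        [Parameter(Mandatory)][int]$ResetAfterMinutes
    )
    # Windows rejects a reset window longer than a non-zero lockout duration
    if ($DurationMinutes -ne 0 -and $ResetAfterMinutes -gt $DurationMinutes) {
        throw 'ResetAfterMinutes must be less than or equal to DurationMinutes.'
    }
    net accounts "/lockoutthreshold:$Threshold" "/lockoutduration:$DurationMinutes" "/lockoutwindow:$ResetAfterMinutes"
}

Get-LockoutPolicy
# Illustrative values only:
# Set-LockoutPolicy -Threshold 10 -DurationMinutes 30 -ResetAfterMinutes 30
```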


Preventative Measures for Remote Desktop

πŸ” Implement Strong Password Policies: Use complex, unique passwords for all user accounts to reduce the risk of successful brute force attacks.
πŸ” Change Default RDP Port: Changing the default Remote Desktop Protocol (RDP) portΒ  (3389) makes it slightly harder for attackers to locate and access your RDP. For example, 9842 port is safe.
πŸ” Use Network Level Authentication (NLA): NLA adds an extra layer of authentication before establishing a Remote Desktop session, reducing the risk of brute force attacks.
πŸ” Enable Account Lockout Policies: Configure account lockout policies to temporarily lock accounts after a few failed login attempts, which helps in mitigating brute force attacks.
πŸ” Employ Firewalls and VPNs: Using firewalls to control access and connecting through VPNs can significantly enhance the security of Remote Desktop sessions.
πŸ” Regularly Monitor and Update Systems: Regularly update your operating system and monitor your network for any suspicious activities.

While enabling Remote Desktop on a Windows VPS is useful for remote access, it is crucial to be aware of the associated security risks, such as account lockouts from brute force attacks, and to take appropriate measures to safeguard against these vulnerabilities.




User comments

admin, January 27, 2024

This feature is disabled by default in older Windows 10 installation images.
