Logging in to Windows via RDP - Event 4625 - Account Lockout

mike_2 21 Reputation points
2020-12-16T23:24:32.983+00:00

I searched for some answers to this question, but I'm not finding anything.

I am looking in event viewer at attempts to log on to a Windows machine via RDP. I have a policy in place to lock an account after 3 failed sign in attempts. This is a standalone Windows machine with a few local users.

I am seeing numerous entries for event ID 4625. There are multiple attempts being made to login to the machine with various usernames, including 'Administrator'. The administrator account is enabled for remote login.

I'm wondering why the administrator account isn't getting locked out with these failed login attempts? If I try to log in with a user and provide a bad password 3 times, it locks it out - this is expected. I'm expecting to see the administrator account locked out too, but it isn't.

If I look at the 'Administrator' user information (computer management, local users), the 'account is locked out' check box is checked, but the account isn't locked out. At least it isn't when I try to log on with it. It works.

Why isn't the administrator account getting locked out? Shouldn't it be, from these failed login attempts?

I'd appreciate any feedback. Thank you.


Accepted answer
  1. Anonymous
    2020-12-17T05:55:58.96+00:00

    Hello @mike_2

    "A lockout threshold policy will apply to both local member computer users and domain users, in order to allow mitigation of issues as described under "Vulnerability". The built-in Administrator account, however, whilst a highly privileged account, has a different risk profile and is excluded from this policy. This ensures there is no scenario where an administrator cannot sign in to remediate an issue. As an administrator, there are additional mitigation strategies available, such as a strong password."

    Security considerations

    Hope this is what you are looking for.

    Best Regards
    Karlie
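
To see which accounts the 4625 failures are aimed at, and whether the built-in Administrator (which the quoted documentation says is excluded from the lockout threshold) is over that threshold, the script below summarizes the Security log per account. It is an added example, not part of the original thread; it assumes an elevated PowerShell session on the machine, and `$Threshold` and `$WindowHours` are values to adjust.

```powershell
# Added example. $Threshold and $WindowHours are assumptions; match them to local policy.
$Threshold   = 3     # lockout threshold stated in the question
$WindowHours = 24    # assumed look-back window

# The built-in Administrator is identified by the well-known RID 500, even if renamed.
$localUsers   = Get-LocalUser
$builtinAdmin = ($localUsers | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }).Name

$filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$WindowHours) }
$failures = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Event 4625 stores its fields as named <Data> elements under EventData.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time      = $_.TimeCreated
        Account   = $data['TargetUserName']
        LogonType = $data['LogonType']   # 3 = network (RDP with NLA), 10 = RemoteInteractive
        SourceIp  = $data['IpAddress']
    }
} | Where-Object { $_.LogonType -in '3', '10' }

# One row per targeted account: how often, from how many sources, and whether lockout can apply.
$failures | Group-Object Account | Sort-Object Count -Descending | ForEach-Object {
    $isBuiltinAdmin = $_.Name -eq $builtinAdmin
    [pscustomobject]@{
        Account         = $_.Name
        Failures        = $_.Count
        DistinctSources = @($_.Group.SourceIp | Sort-Object -Unique).Count
        LastAttempt     = ($_.Group.Time | Measure-Object -Maximum).Maximum
        LocalAccount    = $_.Name -in $localUsers.Name   # names that do not exist cannot lock
        OverThreshold   = $_.Count -ge $Threshold
        # Per the quoted documentation, the threshold does not apply to this account.
        ExcludedFromLockout = $isBuiltinAdmin
    }
} | Format-Table -AutoSize
```

A row with `OverThreshold` and `ExcludedFromLockout` both true is the situation described in the question: repeated failures against Administrator with no lockout.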

