Windows 11 22H2 comes with brute force attacks protection enabled by default

A modified red Windows 11 logo indicating a known issue

Windows 11 22H2, currently available for Windows Insiders in the Windows Insider program, comes with a massive list of new features and changes. Some of those improvements are not visible at first sight, and users must dig deeper to uncover them. One such change is improved protection from brute force attacks.

David Weston, Microsoft OS Security and Enterprise VP, recently tweeted about Windows 11's new security measures. The operating system now uses brute force attack protection by default, effectively locking the system after ten failed attempts to guess the local password. A brute force attack is a popular way that bad actors leverage to get into systems, sometimes using Remote Desktop Protocol (RDP).

You can check out the new policies in Local Group Policy Editor by navigating to Computer Configuration > Windows Settings > Security Settings > Account Lockout Policy. By default, Windows 11 locks out after ten failed attempts to guess the password in ten minutes, and IT admins can configure these values according to their needs.

Local Group Policy Editor in Windows 11 showing lockout settings

It is worth mentioning that the lockout policies are not exclusive to Windows 11; they are also present (although disabled by default) in earlier Windows versions. With Windows 11 22H2 (starting with build 22528.1000 and higher), Microsoft flipped the switch, effectively making it much harder to get into the operating system using brute force tactics.

If you are interested in consumer-facing changes in Windows 11 22H2, check out our comprehensive review.


Update: David Weston has confirmed that the new lockout policies are coming to Windows 10.

Report a problem with article
Tannenberg art with Epic Games Store logo
Next Article

Tannenberg is free to claim on the Epic Games Store this week

A PowerPoint graphic
Previous Article

Microsoft adds text highlighting to PowerPoint for iOS after receiving many requests

5 Comments - Add comment

Advertisement