Unlocking an administrator's account after too many logon attempts
Last Updated April 24, 2019
Symantec Endpoint Protection Manager locks out an administrator for a certain length of time after a number of unsuccessful logon attempts. By default, the management server locks out an administrator for 15 minutes after five failed attempts.
You cannot unlock the administrator account without waiting for the specified period of time to pass. However, you can disable the administrator account from locking, though this action does not unlock the account. You can also change the number of unsuccessful logon attempts and wait the time that is permitted before the account is locked. A password change does not reset or otherwise affect the lockout interval.
For added security in 12.1.5 and later, after the first lockout the lockout interval doubles with each additional lockout. Symantec Endpoint Protection Manager reinstates the original lockout interval after a successful logon occurs or after 24 hours pass since the first lockout. For example, if the original lockout interval is 15 minutes, the second lockout triggers a 30-minute lockout interval. The third lockout triggers a 60-minute lockout interval. If the first lockout occurs at 2:00 P.M. on Thursday, then the 24-hour period ends 2:00 P.M. Friday, and Symantec Endpoint Protection Manager resets the lockout interval to 15 minutes.
To unlock an administrator's account after too many logon attempts
In the console, click Admin > Administrators.
Under Administrators, select the administrator account that is locked.
Under Tasks, click Edit the administrator.
On the General tab, uncheck Lock the account after the specified number of unsuccessful logon attempts.