This is a bit tricky because those settings are stored in the SAM part of the registry which is not easily available to a script or users, the settings are in binary format in
[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\F] One way to change this is to create a text file like C:\NewLockoutSettings.txt with this content:
[Unicode] Unicode=yes [Version] signature="$CHICAGO$" Revision=1 [System Access] LockoutBadCount = 3 ResetLockoutCount = 15 LockoutDuration = 15 Then use the file as the input for secedit.exe like this:
secedit.exe /configure /db "secedit.sdb" /cfg C:\NewLockoutSettings.txt The text file is called a security template and you apply it against the standard security database.
Of course you have to run this as an elevated administrator, and I would test this on a VM before applying it on a production machine.