Account lockout threshold
Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy
Determines the number of failed logon attempts that will cause a user account to be locked out. A locked out account cannot be used until it is reset by an administrator or the account lockout duration has expired. You can set values between 1 and 999 failed logon attempts, or you can specify that the account will never be locked out by setting the value to 0.
By default, this setting is disabled in the Default Domain Group Policy object (GPO) and in the local security policy of workstations and servers.
Failed password attempts against workstations or member servers that have been locked using either CTRL+ALT+DELETE or password-protected screen savers do not count as failed logon attempts.