On the Password tab of the User Based Policy that you are applying to the machine or user (via Policy Assignment Rules), this is the option that controls incorrect password attempts.
There is no option to timeout username attempts. However, there is an option to not display the previous username. This option is in the Product Settings policy on the Log On tab.
Thanks for your reply.
I have set these parameters and then assigned the policy to both a group of machines as well as a specific user. My problem is that it doesn't seem to work during the preboot authentication. I am using SSO so as soon as the correct password is entered in preboot authentication it automatically logs into windows for that account. I'm guessing these parameters would work if I was not using group policy and SSO at the Windows log in for an encryption user, but where I need something to work is during the preboot authentication portion:
Hopefully that makes sense, thanks!