It's imperative that every organization implement a strong security policy that defines all security-related options. This policy should also include a password and account policy that defines how users and administrators should handle their passwords and user accounts.
Once you've defined your policies, you can use the utilities that Windows NT provides to enforce them. You can administer settings that affect user accounts and passwords through User Manager and User Manager For Domains, which you'll find in the Administrative Tools folder. Just open the Policies menu, and click Accounts.
Here's a look at the settings you'll encounter in the Account Policy dialog box.
- Maximum Password Age: This option specifies the number of days that passwords are valid. When a password gets older than the number specified, the system prompts the user to create a new password.
- Minimum Password Age: This setting specifies the minimum number of days that must pass before users can change their passwords. This setting works in conjunction with the Maximum Password Age and Password Uniqueness settings.
- Minimum Password Length: This setting specifies the fewest characters a password may contain.
- Password Uniqueness: Together with Minimum Password Age, this setting makes sure users actually use a password for some time, and it prevents users from using the same password all of the time or from switching back and forth between two.
- Lockout After: This option allows the system to lock the user account after a specified number of unsuccessful logon attempts.
- Reset Count After: This setting tells the system to automatically reset the counter of bad logon attempts after a specified time.
- Lockout Duration: Once the system locks out an account, this setting specifies whether the administrator must unlock it or if the system will automatically unlock it after a given period of time.
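
How the three lockout settings interact, as a simplified model added here (it is not Windows NT code). The class and function names are hypothetical, times are plain minute counts, and the event lists are constructed sample input.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class LockoutPolicy:                 # hypothetical names; values are counts/minutes
    lockout_after: int               # bad logon attempts that trigger a lockout
    reset_count_after: int           # quiet minutes before the bad-attempt counter resets
    lockout_duration: Optional[int]  # minutes until automatic unlock; None = administrator must unlock

@dataclass
class Account:
    policy: LockoutPolicy
    bad_count: int = 0
    last_bad: Optional[int] = None   # minute of the most recent bad attempt
    locked_at: Optional[int] = None  # minute the lockout started

    def is_locked(self, now: int) -> bool:
        if self.locked_at is None:
            return False
        duration = self.policy.lockout_duration
        if duration is not None and now - self.locked_at >= duration:
            self.admin_unlock()      # Lockout Duration elapsed: automatic unlock
            return False
        return True

    def admin_unlock(self) -> None:
        self.locked_at, self.bad_count = None, 0

    def logon(self, now: int, password_ok: bool) -> str:
        if self.is_locked(now):
            return "locked"          # even a correct password is refused
        if password_ok:
            self.bad_count = 0
            return "ok"
        # Reset Count After: a stale counter starts over
        if self.last_bad is not None and now - self.last_bad >= self.policy.reset_count_after:
            self.bad_count = 0
        self.bad_count += 1
        self.last_bad = now
        if self.bad_count >= self.policy.lockout_after:  # Lockout After reached
            self.locked_at = now
            return "locked"
        return "denied"

def replay(policy, events):
    """Run constructed (minute, password_ok) events against a fresh account."""
    acct = Account(policy)
    return [acct.logon(minute, ok) for minute, ok in events]

if __name__ == "__main__":
    policy = LockoutPolicy(lockout_after=3, reset_count_after=30, lockout_duration=60)
    print(replay(policy, [(0, False), (1, False), (2, False), (10, True), (62, True)]))
```

Setting `lockout_duration=None` models the case where only an administrator can unlock the account, which `admin_unlock()` stands in for.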