How to Configure Password and Account Policies in Windows XP

Author of the tutorial: John

Purpose: The purpose of this article is to teach you how to configure password policies and account policies in Windows XP.

Password Policy: A collection of policy settings that define the password requirements for users.

Account Lockout Policy: Account lockout policy options disable accounts after a set number of failed logon attempts. Using these options can help you detect and block attempts to break passwords.

To configure password policies

Follow these steps in order to accomplish the task:

1. Click Start → Programs → Administrative Tools → Local Security Policy.
2. Expand Account Policies and you will see Password Policy and Account Lockout Policy. Click on Password Policy.

Enforce password history. The number of unique, new passwords that must be associated with a user account before an old password can be reused. When used in conjunction with Minimum password age, this setting prevents reuse of the same password over and over. Most IT departments set a value greater than 10.

Maximum password age. The number of days a password can be used before the user must change it. Changing passwords regularly is one way to prevent passwords from being compromised. Typically, the default varies from 30 to 42 days.

Minimum password age. The number of days a password must be used before the user can change it. The default value is zero, but it is recommended that this be reset to a few days. When used in conjunction with similarly short settings in Enforce password history, this restriction prevents reuse of the same password over and over.

Minimum password length. The minimum number of characters a user's password can contain. The default value is zero. Seven characters is a recommended and widely used minimum.

Passwords must meet complexity requirements. The default password filter (Passfilt.dll) included with Windows 2000 Server and Windows XP Professional requires that a password have the following characteristics:

- Does not contain your name or user name.
- Contains at least six characters.
- Contains characters from each of the following three groups:
  1. Uppercase and lowercase letters (A, a, B, b, C, c, and so on)
  2. Numerals
  3. Symbols (characters that are not defined as letters or numerals, such as !, @, #, and so on)

3. Double click the policy that you want to set and define the policy.

To configure account lockout policies

1. Click on Account Lockout Policy.

Account lockout duration. The number of minutes (from 1 to 99999) an account remains locked out before it unlocks. By setting the value to 0, you can specify that the account remains locked out until an administrator unlocks it.

Account lockout threshold. The number of failed logon attempts before a user account is locked out. A locked out account cannot be used until an administrator resets it, or until the account lockout duration expires.

Reset account lockout counter after. Determines how many minutes (1 to 99999) must elapse after a failed logon attempt before the counter resets to 0 bad logon attempts. This value must be less than or equal to the account lockout duration.

2. Double click the policy that you want to set and define the policy.

Summary: You have successfully configured your computer to use the password and account lockout policies that you have defined.

Account policies affect Windows XP Professional computers in two ways. When applied to a local computer, account policies apply to the local account database that is stored on that computer. When applied to domain controllers, the account policies affect domain accounts for users logging on from Windows XP Professional computers that are joined to that domain.
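
To check the settings described above after configuring them, the following added example (not part of the original tutorial) audits the [System Access] section of a policy export produced by `secedit /export /cfg policy.inf` against the values this article recommends. The sample export is constructed for illustration, and treating a lockout duration of 0 or below as "until an administrator unlocks" is an assumption.

```python
import configparser

# Constructed sample (not from the article) of the [System Access] section that
# `secedit /export /cfg policy.inf` writes; real exports are UTF-16 encoded.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 5
ResetLockoutCount = 60
LockoutDuration = 30
"""

def audit_account_policy(inf_text):
    """Return findings for settings that miss the guidance in the article."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep the key names exactly as exported
    parser.read_string(inf_text)
    section = parser["System Access"]

    def value(key):
        return int(section.get(key, "0"))  # a missing key is treated as 0

    findings = []
    if value("PasswordHistorySize") <= 10:
        findings.append("Enforce password history: use a value greater than 10")
    if value("MinimumPasswordAge") < 1:
        findings.append("Minimum password age: 0 lets users cycle through the history at once")
    if value("MinimumPasswordLength") < 7:
        findings.append("Minimum password length: seven characters is the recommended minimum")
    if value("PasswordComplexity") != 1:
        findings.append("Passwords must meet complexity requirements: disabled")
    if value("LockoutBadCount") == 0:
        findings.append("Account lockout threshold: 0 means accounts are never locked out")
    else:
        duration = value("LockoutDuration")
        # Assumption: a duration of 0 or below means "until an administrator unlocks".
        if duration > 0 and value("ResetLockoutCount") > duration:
            findings.append("Reset account lockout counter after: must not exceed the lockout duration")
    return findings

if __name__ == "__main__":
    for finding in audit_account_policy(SAMPLE_INF):
        print("FINDING:", finding)
```

To audit a real export, read the file with `open("policy.inf", encoding="utf-16").read()` and pass the text to `audit_account_policy`.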