Account Policy


What is Account Policy? Definition of account policy.

What is Account Policy?

In Microsoft Windows Systems, Account Policy is a set of rules specified for a domain using User Manager for Domains that determines the restrictions placed on passwords for users in that domain.



In the Windows Server family, this set of rules is specified using Active Directory Users and Computers.

Account Policy
Changing Account Policy for the Domain




The account policies settings include the following:

One account policy per domain

Each domain can have only one account policy. The account policy must be defined in the default domain policy or in a new policy that is linked to the root of the domain and given precedence over the default domain policy, which is enforced by the domain controllers in the domain. These domain-wide account policy settings (Password Policy, Account Lockout Policy, and Kerberos Policy) are enforced by the domain controllers in the domain; therefore, domain controllers always retrieve the values of these account policy settings from the default domain policy Group Policy Object (GPO).

Avoid making your account policy too lax

As a network administrator, not only should you avoid making your account policy too lax (for example, allowing two-letter passwords), you should also avoid making your policy unnecessarily restrictive. For example, suppose your company is a medium-security environment, but you force users to create passwords of 10 characters or more in length, you keep a password history of 10 passwords, and you set a minimum password age of seven days. Your policy might result in users writing down their list of 10 passwords and taping it under their keyboard—obviously defeating the same network security you are trying to enforce! Ultimately, the best security policy is often a posted list of rules and procedures with warnings of the consequences of breaking the rules.



In a high-security environment, you should force users to choose complex passwords containing a mixture of uppercase letters, lowercase letters, numbers, and symbols.




Editor

Articles posted after being checked by editors.

Recent Content

link to I/O Manager

I/O Manager

I/O Manager is a component of Microsoft Windows NT executive running in kernel mode that is responsible for all Windows NT input/output functions. The I/O Manager integrates various networking components.