Account policy

What is Account Policy

In Microsoft Windows NT, an account policy is a set of rules, specified for a domain using User Manager for Domains, that determines the restrictions placed on passwords for users in that domain. In Windows 2000, this set of rules is specified using Active Directory Users and Computers.

To configure your account policy for a domain in Windows NT, select the domain you want to administer in User Manager for Domains, and from the menu, select Policies. Then select Accounts to open the Account Policy dialog box.

You can specify restrictions for the following:

  • Maximum and minimum password age
  • Minimum password length
  • Password history
  • Account lockout trigger and duration
  • Forcible disconnection when logon hours expire
  • Logon requirement for password changes

The Account Policy dialog box in Windows NT 4

Configuring account policy: setting up password restrictions, minimum and maximum password age, minimum password length, and lockout after bad logon attempts.

As a network administrator, you should avoid making your account policy too lax (for example, allowing two-letter passwords), but you should also avoid making it unnecessarily restrictive. For example, suppose your company is a medium-security environment, but you force users to create passwords of 10 characters or more, you keep a password history of 10 passwords, and you set a minimum password age of seven days. Your policy might result in users writing down their list of 10 passwords and taping it under their keyboard, obviously defeating the same network security you are trying to enforce! Ultimately, the best security policy is often a posted list of rules and procedures with warnings of the consequences of breaking the rules.

In a high-security environment, you should force users to choose complex passwords containing a mixture of uppercase letters, lowercase letters, numbers, and symbols.
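
The trade-off described above can be checked mechanically. The following is an added example, not part of the original entry: it parses the text printed by the built-in Windows `net accounts` command and flags settings that are too lax as well as the over-restrictive combination the entry warns about. The sample output is constructed, and the `LAX_MIN_LENGTH` floor is an assumption to tune for your environment.

```python
# Constructed sample of `net accounts` output (not from a real host); the values
# mirror the over-restrictive medium-security policy described above.
SAMPLE = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          7
Maximum password age (days):                          42
Minimum password length:                              10
Length of password history maintained:                10
Lockout threshold:                                    Never
The command completed successfully.
"""

FIELDS = {
    "Minimum password age (days)": "min_age",
    "Maximum password age (days)": "max_age",
    "Minimum password length": "min_length",
    "Length of password history maintained": "history",
    "Lockout threshold": "lockout_threshold",
}
# Assumed floor for "too lax"; BURDEN uses the figures from the entry's example.
LAX_MIN_LENGTH = 6
BURDEN = {"min_length": 10, "history": 10, "min_age": 7}

def parse_net_accounts(text):
    """Return {setting: int}; 'Never', 'None' and 'Unlimited' become 0."""
    policy = {}
    for line in text.splitlines():
        label, sep, value = line.rpartition(":")
        key = FIELDS.get(label.strip())
        if sep and key:
            policy[key] = int(value) if value.strip().isdigit() else 0
    return policy

def review(policy):
    """Return findings for both failure modes: too lax and too burdensome."""
    findings = []
    if policy.get("min_length", 0) < LAX_MIN_LENGTH:
        findings.append("lax: minimum password length below %d" % LAX_MIN_LENGTH)
    if policy.get("lockout_threshold", 0) == 0:
        findings.append("lax: no lockout after bad logon attempts")
    if all(policy.get(k, 0) >= v for k, v in BURDEN.items()):
        findings.append("burdensome: length, history and minimum age together "
                        "invite written-down passwords")
    return findings

if __name__ == "__main__":
    for finding in review(parse_net_accounts(SAMPLE)):
        print(finding)
```

On a Windows host, the output of `net accounts` (or `net accounts /domain` for the domain policy) can be fed to `parse_net_accounts` in place of `SAMPLE`.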