What is Account Policy? Definition of account policy.
What is Account Policy?
In Microsoft Windows Systems, Account Policy is a set of rules specified for a domain using User Manager for Domains that determines the restrictions placed on passwords for users in that domain.
In the Windows Server family, this set of rules is specified using Active Directory Users and Computers.
The account policies settings include the following:
One account policy per domain
Each domain can have only one account policy. The account policy must be defined in the default domain policy or in a new policy that is linked to the root of the domain and given precedence over the default domain policy, which is enforced by the domain controllers in the domain. These domain-wide account policy settings (Password Policy, Account Lockout Policy, and Kerberos Policy) are enforced by the domain controllers in the domain; therefore, domain controllers always retrieve the values of these account policy settings from the default domain policy Group Policy Object (GPO).
Avoid making your account policy too lax
As a network administrator, not only should you avoid making your account policy too lax (for example, allowing two-letter passwords), you should also avoid making your policy unnecessarily restrictive. For example, suppose your company is a medium-security environment, but you force users to create passwords of 10 characters or more in length, you keep a password history of 10 passwords, and you set a minimum password age of seven days. Your policy might result in users writing down their list of 10 passwords and taping it under their keyboard—obviously defeating the same network security you are trying to enforce! Ultimately, the best security policy is often a posted list of rules and procedures with warnings of the consequences of breaking the rules.
In a high-security environment, you should force users to choose complex passwords containing a mixture of uppercase letters, lowercase letters, numbers, and symbols.
