It’s imperative that every organization
implement a strong security policy that defines all
security-related options. This policy should also include a
password and account policy that defines how users and
administrators should handle their passwords and user accounts.

Once you’ve defined your policies, you can use
the utilities that Windows NT provides to enforce them. You can
administer settings that affect user accounts and passwords through
User Manager and User Manager For Domains, which you’ll find in the
Administrative Tools folder. Just open the Policies menu, and click
Accounts.

Here’s a look at the settings you’ll encounter
in the Account Policy dialog box.

  • Maximum Password Age: This option specifies the number of
    days that passwords are valid. When the passwords get older than
    the number specified, the system prompts the user to create a new
    password.
  • Minimum Password Age: This setting specifies the number of
    days a user must keep a new password before changing it again.
    It works in conjunction with the Maximum Password Age and
    Password Uniqueness settings.
  • Minimum Password Length: This setting is
    self-explanatory.
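  • Password Uniqueness: This setting makes the system remember a
    number of each user's previous passwords and reject them as new
    passwords. It prevents users from using the same password all of
    the time or from switching back and forth between two, and
    together with Minimum Password Age it makes sure users actually
    use a password for some time.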
  • Lockout After: This option allows the system to lock the
    user account after a specified number of unsuccessful logon
    attempts.
  • Reset Count After: This setting tells the system to
    automatically reset the counter of bad logon attempts after a
    specified time.
  • Lockout Duration: Once the system locks out an account, this
    setting specifies whether the administrator must unlock it or if
    the system will automatically unlock it after a given period of
    time.