Setting System Policies
A policy is a set of rules governing how to use a system. Typically, a security officer decides upon the policy, the administrator implements it, and the operating system enforces it. Policies are administered using the Policies menu in the Windows NT User Manager.
In Windows NT, there are three basic types of policies:
- Account policies
These control the characteristics of user accounts. Examples are the minimum length of a password in the system, and how long a user can keep a password before being required to change it.
- Audit policies
These control what events will be logged in the system. Examples are logons and logoffs, and file and object accesses.
- User rights policies
These control what rights individual users or groups of users have. Examples are the right to access the computer or the ability to back up files.
This section focuses on account policies and user rights policies. Audit policies are discussed in Chapter 6.
Specifying the Account Policy
The account policy controls various characteristics of user accounts on the system — for example, the types of passwords that users can supply. The account policy information is stored in the Systems Account Manager (SAM) database, not in the Local Security Authority (LSA) policy database. Edit the account policy (shown in Figure 2.11) using the User Manager (go to Policies → Account).
Figure 2-11. The Account ...