Setting System Policies

A policy is a set of rules governing how to use a system. Typically, a security officer decides upon the policy, the administrator implements it, and the operating system enforces it. Policies are administered using the Policies menu in the Windows NT User Manager.

In Windows NT, there are three basic types of policies:

Account policies

These control the characteristics of user accounts. Examples are the minimum length of a password in the system, and how long a user can keep a password before being required to change it.

Audit policies

These control what events will be logged in the system. Examples are logons and logoffs, and file and object accesses.

User rights policies

These control what rights individual users or groups of users have. Examples are the right to access the computer or the ability to back up files.

This section focuses on account policies and user rights policies. Audit policies are discussed in Chapter 6.

Specifying the Account Policy

The account policy controls various characteristics of user accounts on the system — for example, the types of passwords that users can supply. The account policy information is stored in the Systems Account Manager (SAM) database, not in the Local Security Authority (LSA) policy database. Edit the account policy (shown in Figure 2.11) using the User Manager (go to Policies Account).

The Account Policy dialog box

Figure 2-11. The Account ...

Get Securing Windows NT/2000 Servers for the Internet now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.