In Windows 2000, the security policy is a collection of settings that governs how tightly secured your particular computer is.
To look over your own computer's security policy, choose Start→Settings→Control Panel, then double-click the Administrative Tools folder. (It's available only if you have administrative privileges, as described in Section 17.3.) Double-click Local Security Policy. The broad categories of security settings you can change here appear on the left side of the window (Figure 17-2). As you click these folders, the right side of the window show these subgroups of policies:
Password Policy establishes the guidelines the users of this machine must follow when choosing a password, such as password length and how often they're required to change their passwords as a security precaution.
Account Lockout Policy configures Windows 2000 to lock out user accounts after a certain number of invalid logon attempts (an indication that somebody is trying to guess a password).
Audit Policy sets up Windows 2000 to record (audit) certain events, such as logon attempts and account management activities.
IP Security Policies on Local Machine configure Windows 2000 to use a special form of IP (Internet Protocol, the cornerstone of the TCP/IP protocol suite) that transmits data over the network in encrypted form.
User Rights Assignment determines what your various user groups are allowed to do in Windows 2000, such as whether or not they're allowed to ...