O'Reilly logo

Securing Windows NT/2000 Servers for the Internet by Stefan Norberg

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Setting System Policies

A policy is a set of rules governing how to use a system. Typically, a security officer decides upon the policy, the administrator implements it, and the operating system enforces it. Policies are administered using the Policies menu in the Windows NT User Manager.

In Windows NT, there are three basic types of policies:

Account policies

These control the characteristics of user accounts. Examples are the minimum length of a password in the system, and how long a user can keep a password before being required to change it.

Audit policies

These control what events will be logged in the system. Examples are logons and logoffs, and file and object accesses.

User rights policies

These control what rights individual users or groups of users have. Examples are the right to access the computer or the ability to back up files.

This section focuses on account policies and user rights policies. Audit policies are discussed in Chapter 6.

Specifying the Account Policy

The account policy controls various characteristics of user accounts on the system — for example, the types of passwords that users can supply. The account policy information is stored in the Systems Account Manager (SAM) database, not in the Local Security Authority (LSA) policy database. Edit the account policy (shown in Figure 2.11) using the User Manager (go to Policies Account).

The Account Policy dialog box

Figure 2-11. The Account ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required