Passwords and Security : Strategies & Policies
Posted on December 29th, 2006
Windows XP

On Windows XP Professional, you can define policies that strengthen and control how passwords are actually used.

This tutorial is aimed at advanced users. It is recommended to create a restore point before changing anything.


This tutorial is only for learning purposes or for building an Enterprise Network. DO NOT use it for inflicting any damage to computers. I shall not be held responsible for anything you do with it. Use at your own risk!


1. Click Start --> RUN and type in: gpedit.msc





2. Open: Computer Configuration / Windows Settings / Security Settings / Account Policies / Password Policy



3. Select the policies you wish to apply:

Enforce Password History: If you choose to keep passwords in the history, a user cannot reuse any of the most recently used passwords. Windows XP can remember the last 24 used passwords. To deactivate this function, change the value to 0.

Maximum Password Age: The user must change the password before it reaches its maximum age, otherwise it expires. By default, a dialog box starts warning the user 14 days before the expiration. The default value is 6 weeks (42 days); the duration can vary from 0 to 999 days. The higher the required level of security, the shorter the maximum password age should be.

Minimum Password Age: The user cannot change the password again until a certain number of days have passed. This prevents a user from changing the password every minute in order to get back to the same one.

Minimum Password Length: The minimum number of characters the password must contain. To ensure full compatibility with Windows NT4 / 9x / Me, the password should contain no more than 14 characters. If all computers run Windows 2000 / XP / 2003, the password can be up to 127 characters long.

Password must meet complexity requirements: The password cannot consist only of letters; it must contain three of the four types of characters (capital letters, small letters, special characters and numbers). This policy can be strengthened by using a recompiled passfilt.dll.

Store password using reversible encryption for users in the domain: Activating this policy is not recommended because it may decrease the security of the system. Nevertheless, in certain cases (use of CHAP authentication for remote access), it can turn out to be necessary.

For most of these policies to take effect, users will have to change their passwords so that the new password meets the length, complexity, history and other requirements.
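As an added example (not part of the original tutorial): a Python check that reads a policy export produced by `secedit /export /cfg policy.inf` and flags the weak combinations of the six settings described above. The sample export, the `min_len` baseline of 8 and the `legacy_clients` switch are assumptions made for the illustration.

```python
import configparser

# Constructed sample of the [System Access] section that
# `secedit /export /cfg policy.inf` writes; values are invented for the demo.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 16
PasswordComplexity = 0
PasswordHistorySize = 24
ClearTextPassword = 1
[Version]
signature="$CHICAGO$"
Revision=1
"""

def audit_password_policy(inf_text, min_len=8, legacy_clients=False):
    """Return findings for the six Password Policy settings.

    min_len and legacy_clients are assumptions of this example,
    not values prescribed by the tutorial.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key names exactly as exported
    cp.read_string(inf_text)
    sa = cp["System Access"]
    get = lambda key: int(sa.get(key, fallback="0"))
    history, min_age = get("PasswordHistorySize"), get("MinimumPasswordAge")
    max_age, length = get("MaximumPasswordAge"), get("MinimumPasswordLength")
    findings = []
    if history == 0:
        findings.append("history disabled: old passwords can be reused")
    elif min_age == 0:
        # Without a minimum age, a user can change passwords repeatedly
        # until the history rolls over and the old password is allowed again.
        findings.append("history set but minimum age is 0: users can cycle back")
    if max_age <= 0:
        findings.append("passwords never expire")
    if length < min_len:
        findings.append(f"minimum length {length} is below {min_len}")
    if legacy_clients and length > 14:
        findings.append("length above 14 exceeds NT4 / 9x / Me compatibility")
    if get("PasswordComplexity") == 0:
        findings.append("complexity requirements disabled")
    if get("ClearTextPassword") == 1:
        findings.append("reversible encryption enabled")
    return findings
```

A real export is typically UTF-16 encoded, so read it with `open(path, encoding="utf-16").read()` before passing the text to `audit_password_policy`.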


To exclude an account from expiring (like the Administrator account), use this script:

BE SURE TO READ THE README FILE! IT'S A QUESTION OF SECURITY!


File Download: script

 

beaverpoutine