Harden Your Windows Network with Strong Passwords - Page 2

Part One: Many security-minded admins scoff at passwords as tissue-thin protection against malicious users. But with Windows 2003 Server's password policy tools, you can do a lot to tighten down your most basic line of defense.

 By Drew Bird
Page 2 of 2   |  Back to Page 1
Print Article

Continued From Page 1

Limitations of the Password Policy
Before concluding our discussion of the Password Policy, it is worth pointing out one major consideration. Both the Password Policy, and the Account Lockout Policy that we will discuss in Part Two of this series, are set on a domain-wide level. If you have numerous departments with differing policy needs, this represents a problem. For example, a research department with very high security needs and a customer service department with only moderate security needs will end up with the same security settings if they are in the same domain. Of course, you could create multiple domains, and then divide the departments up among the domains according to their security requirements, but that is a major design decision, and one that might not be practical if your Active Directory infrastructure is already in place.

With this in mind, perhaps the best way to use the policies is simply to configure the policies at the highest security level required within the entire domain. Departments with lower security needs simply end up being more secure than necessary, but there is nothing wrong with that.

Next Week…
In part two of this article, we'll look at how you can configure the Account Lockout Policy to increase the authentication security of your systems even further. We'll also look at what non-computer based policies you should have in place to govern password use. Until then!

Drew Bird has been working in the IT industry since 1988. He has a wide range of experience gained from many years of designing, managing, implementing, and supporting networked environments. Drew now divides his time between consulting work and writing and delivering technical training courses. He also writes a regular feature here on Enterprise Networking Planet, and authors technical books.

This article was originally published on Mar 30, 2005
Get the Latest Scoop with Networking Update Newsletter