Account Passwords and Policies in Windows Server 2003

Applies To: Windows Server 2003 with SP1

Microsoft Windows NT Server 4.0, Windows 2000, Windows XP, and the Windows Server 2003 Family

Password and account lockout settings are designed to protect accounts and data in your organization by mitigating the threat of brute force guessing of account passwords. Settings in the Account Lockout and Password Policy nodes of the Default Domain policy settings enable account lockout and control how account lockout operates. This white paper describes how these settings affect account lockout and makes some general recommendations for configuring and troubleshooting account lockout issues.

This document describes the reasons why you should take a structured approach to setting the account and password policy features. The document also provides information about the tools and log files that you can use to troubleshoot account lockouts. After you read this document, you should be able to determine from which computer the account lockouts are being generated, as well as the program or service that is generating the lockout.

In This White Paper

• Account Lockout and Password Concepts

• Configuring Account Lockout Settings

• Configuring Account Lockout

• Details of Account Lockout Settings and Processes

• Maintaining and Monitoring Account Lockout

• Troubleshooting Account Lockout

• Account Lockout Tools

• Appendix One: Additional References for Account Lockout

• Appendix Two: Gathering Information to Troubleshoot Account Lockout Issues