Best Practice passwords

I searched (perhaps not very well) for some best practice recommendations for the various password / account lockout parameters and recommended settings in a medium security 2003 domain. I know there is such a MS document as I remember reading it many moons ago, and it had recommendations for either low/medium/security environments for all the possible password/account lockout parameters? Anyone know of similar or where I can download it...
Who is Participating?
JanStoopsConnect With a Mentor Commented:
jetpowercomConnect With a Mentor Commented:
A lot of documentation exists on this.  Here are two sources from Microsoft::  

MS - Configuring Account Lockout

MS - Account Lockout Whitepaper

While every environment has its own particular considerations, these are two which should provide you with defensible best practice recommendations.

Hope this helps!
FemSteenkampConnect With a Mentor Commented:
Just a side note which most papers don't mention.

If you have account lockout settings enabled, make sure you have helpdesk capacity to handle the additional workload.  A significant number of applicaions (e.g. adobe, IM's mail clients, browser bars,old TS connections, etc) store passwords locally and will use these to look for updates on internet (proxy authentication is used) or connect to mail services.

without account lockout, these just fail in teh background. with loackout enabled they will lock the account of the user, interupting his normall mail file access when account is locked.  finding the root cause of the cached/old password  is tricky and you might have to resolve to specific tools (e.g. microsofs account lockout tools (ALTOOLS) to identify which users in a domain is being locked out, and then troubleshooting what is causing the lockout.

also be carefull of not getting too aggresive with password requirements (length, time to change) as most people will just resort to writing passwords down soemwhere, defeating the password security, although you might still pass yout IT audit for having the settings in place

marek1712Connect With a Mentor Commented:
NSA released plenty of the information about securing Microsoft's OSes:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.