Windows NT Security Policy
- The account policy controls user password behavior. This policy sets the length of the password, number of login attempts allowed, timeout period and password expiration. It also controls the required complexity of user passwords.
- The audit policy sets the events recorded in the security log. The available options include account management, detailed tracking, file/object access, privilege use, policy change, system events and users logging on and off.
- The trust relationships policy is only used with two or more domains. There are two types of relationships, trusted and trusting. A trusting domain will allow the trusted domain controllers to verify user's credentials when logging in to computers in its domain and accessing resources. To decentralize this type of user management, two or more domains can have both a trusted and trusting relationship. This is normally done when domains exceed the maximum size of 40,000 users and need to split while maintaining the same structure.
- The user rights policy controls the access permissions users and groups have in the domain. This includes administrative tasks such as permission to perform backups, printer administration and increasing quotas. It also includes logon and power off permissions.
