Account policies and resolving authentication issues in Windows

Account policies allow you to configure how passwords work on clients running windows 7. There are different account polices in windows 7:

1. Enforce password history: When you configure this policy on Windows 7 a certain number of passwords which were previously used are remembered by Windows 7. It does not allow users to set new passwords to one they have already used. You can configure the number of passwords that Windows can remember.
2. Maximum password age: It is the maximum number of days that a person can keep the same password. The user has to change the password as the limit expires. This policy will not work if the user has enabled the ‘Password never expires’ setting.
3. Minimum password age: This policy is configured when the new password created is kept only for minimum number of days before the user change their password. This is done to keep the record of the passwords which the user had used previously.
4. Minimum password length: This policy ensures that the password has the minimum number of characters.
5. Password must meet complexity requirements: This policy is configured so that the passwords can include lower case, upper case, symbols, characters and numbers. You cannot have username, last name and first name of the user.
6. Store passwords using reversible encryption: This policy provides support for the applications that use protocols that require knowledge of the user’s password for authentication purposes. It is same as storing plain text versions of the passwords. The policy should never be enabled unless application requirements need to protect password information.

Account lockout policies

1. Account lockout duration: It maintains the length of the time account is locked out before user attempt to login again. 2. Account lockout threshold: The number of times user can enter the incorrect password before the account is locked out. 3. Reset account lockout counter after: It specifies the number of times Windows records invalid login attempts. A valid logon automatically resets the account lockout counter.

Resolving authentication issues:

Password reset disks: It allows the user to recover the password without losing the encrypted data. The only disadvantage is it can be used by anyone to recover the specific password account. We have to create a password reset disk before the password is lost. We can create a password reset disk, which can store password reset data on a floppy drive or USB drive. When you click on ‘Create a password reset disk’ it pops up the forgotten password wizard. This will save the password information of that user to the respective disk drive.

Steps to create a ‘Password reset disk’:

1. Insert the USB drive and wait to initialize and receive a drive letter.
2. Go to ‘Start’ – ‘Control panel’ – ‘User accounts and family safety’ – ‘User Accounts’.
3. From the left pane, Click ‘Create a password reset disk’. Forgotten password Wizard appears. Click ‘Next’.
4. In create a password reset disk, select the ‘USB flash’ drives option.
5. Click ‘Next’. In the ‘Current user account password’ enter the ‘current password’.
6. Click ‘Next’—‘Next’. Click ‘Finish’ to complete the process.

Steps to recover a lost password:

1. Click on ‘Reset password’ link at login prompt. The ‘Password reset’ wizard will appear.
2. Click ‘Next’. Select the USB drive where you have created the password reset disk from the drop down box.
3. Click ‘Next’. It will take the reset key and ask you to type a ‘New password’ so that the previous password is rest.
4. Type a ‘New password’ and ‘confirm password’. Click ‘Next’. Click ‘Finish’ to finish the operation.