Windows XP methods to improve the security of account passwords
In peacetime we define a more secure password rule using the system's Local Security Settings tool, which can be activated by entering "Secpol.msc" in "Start → run". The left directory tree in the main window expands "account policy → password policy" in turn, and the password rule we want to define is the option displayed on the right panel!
Setting Password complexity
First double-click "Password must meet complexity requirements", set the security setting to Enabled, at which point the password created by the user in the control Panel → user account must contain uppercase and lowercase letters, Arabic numerals, special characters, three types of characters, and a dialog box prompts if none of the characters are included.
Minimum password Length: the minimum number of digits that a user creates a password, which can be entered in Arabic numerals between 0 and 14, and 0 does not require detection of the password length created. Once the user creates a password that does not meet the required number of digits, the system will also eject the dialog box warning.
Maximum password lifetime: This is an interesting option to set the expiration time of a password, that is, a new password that meets the requirements must be replaced within the specified cycle time. Of course, setting to 0 means that the password will never expire, and the maximum cycle time is 999 days.
Minimum password lifetime: Relative to the Maximum password age option, the minimum time that a password will survive is set, during which time the user is not allowed to change the password. Similarly, set to 0 can change the password at any time, the maximum time the password can survive is 998 days.
Mandatory password history: Frequent change of password, must produce a number of different passwords, and at this time the system will help you "memory" you have used the password, help you remember the number of passwords by you to "tell" the system. 0 means that you do not have to keep the password history, the system can only help you remember the history of the 24 password, the original system memory is also limited.
Store passwords for all users in the domain using reversible encryption: It is recommended that you disable this feature to ensure password security.
Clear the specific meaning and scope of the options, we can flexibly customize the password rules, the author here provides a reference scheme: Password complexity requires enable, password length minimum set to 8 characters, mandatory password history set to 0, then determine the password longest (short) lifetime, Generally, the maximum lifetime is set to 2 to 3 times times the shortest lifetime, such as the maximum lifetime is set to 30 days, so the shortest lifetime can be set to 10 days, which is more reasonable.
Renaming a system administrator account
WinXP the default system administrator account name is "Administrator" (that is, the so-called Real system Administrator account), many system experts recommend that users have this account set up the password, because the account is hidden in the normal system state, and in Safe mode, the account resolutely appear in the login screen , without setting a password, of course, you can "break into" the system without a password. In the local security settings, we can rename the system administrator account name, expand Local policy → security options in the left directory tree, double-click account: Rename administrator account Administrator on the right panel, and enter a new administrator account in the pop-up window. However, after several tests, the new system administrator account name cannot be the name of the administrator account currently logged on, or the "failed to save local policy database" error dialog box is ejected.
In fact, as early as the installation of the WinXP system, the creation of the account nickname is not allowed for the administrator and the name of the guest, if you and the author, like to use the "Administrator" account nickname, at this time do not have to enter any characters in the account nickname, direct cooling system, reboot, WinXP has skipped the account nickname step and logged into the system directly with the administrator account.