Microsoft Windows 2000 and 2003 Audit Program

1. Account Policy/Password Policy
a. Enforce password history
b. Max. password age
c. Min. password age
d. Min. password length
e. Password must meet complexity req.
f. Store password reversible encryption.

2. Account Policy/Kerberos Policy
a. Enforce user logon restrictions
b. Max. lifetime for service ticket
c. Max. lifetime for user ticket
d. Max. lifetime for user ticket renewal
e. Max. tolerance for computer clock sync.

3. Account Policy/Account Lockout
a. Account lockout duration
b. Account lockout threshold
c. Reset account lockout counter after.

4. Local Policies/Audit Policy
a. Audit account logon events
b. Audit account management.

5. Local Policies/User Rights
a. Access this computer from the network (authenticated users – restrict from admins)
b. Act as part of the operating system (no accounts should have this right)
c. Add workstations to the domain (admins only)