Domain Security Policies

Windows NT Server and Windows NT Workstation settings can provide different levels of security for user actions on the domain or computer, respectively.

You can define three security policies that apply to the domain as a whole:

• The Account policy controls how user accounts use passwords.
• The Audit policy controls the types of events the security log records.
• The Trust Relationships policy controls which domains are trusted and which domains are trusting domains. A trust relationship requires two or more single domains. This policy is available in a single-domain model (in which only one domain exists) only if the domain administering the computer is a domain controller.

The User Rights policy controls access rights given to groups and user accounts. User rights are applied at the domain level, and affect overall domain security.

For more information about the account policy, the audit policy, and the trust relationships policy, see "Managing Windows NT Server Domains" and for more information about the user-rights security policy, see "Working With User and Group Accounts," in the Microsoft Windows NT Server 4.0 Concepts and Planning Guide