HP Brio ba200 hp brio ba200, ba400, ba600, hp kayak xu800, xm600, ProtectTools - Page 55

4 Managing Security and Smart Cards Managing Security: Configuration Settings Windows NT 4.0 Windows 2000 Account Policies To see these options, click the Accounts tab in the Smart Card Security Manager, then click the Options button. These options allow you to: • Let the user add, remove or modify accounts (refer to page 65). • Set a random password policy for users. This means that when the user changes their Windows NT password or adds a Windows NT account on their smart card, they can be forced to use a random password, have the option to use a random password or be requested to choose a password on their own. Using a randomly generated password means that the Windows NT password will be hidden from all users. This may provide a higher security level since it ensures that the only entry to the PC (for users) is using their smart card Implications: Value Security Level Provided Implications Deny Lower This setting means the user cannot randomly generate a password - they must choose one themselves. If you have set the Manual Logon option to Everybody (refer to page 49), this option should be set to Deny. This will ensure the user can type in their Windows password when doing a manual logon. However, this configuration provides little or no security improvement. Allow Medium The user can ask the system to generate a random password for them, or choose their own. For example, in the Change Account Password screen, the user is encouraged to select a password of their own (since the cursor is in the New Password box). Prefer Higher The user can ask the system to generate a random password for them, or choose their own. For example, in the Change Account Password screen, the user is encouraged to ask the system to generate a random password (since this option is checked by default). 55