; (c) Microsoft Corporation 1997-2000
;
; Security Configuration Template for Security Configuration Editor
;
; Template Name:        W2k Domain POLICY.INF
; Template Version:     05.00.DR.0000
;
; Revision History
; 0000  -	Original
; May 2001 - SNAC version 1.0
; November 2001 - 
;	Changed the line "RequireLogonToChangePassword = 1" to 
;	"RequireLogonToChangePassword = 0" under the [System Access] 
;	section. This line is an artifact from Windows NT 4.0 templates and could have
;	adverse effects on a user's ability to change password at first logon. If you have
;	experienced this problem, please reapply this corrected inf file, or, via a 
;	text editor, create and apply an inf file with only the following lines:
;	[Unicode]
;	Unicode=yes
;	[System Access]
;	RequireLogonToChangePassword = 0

;	
;	NOTE: This setting does NOT appear when the template file is viewed graphically in
;	the MMC.

[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 90
MinimumPasswordLength = 12
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 3
ResetLockoutCount = 15
LockoutDuration = 15
RequireLogonToChangePassword = 0
ForceLogoffWhenHourExpire = 1
ClearTextPassword = 0
[Kerberos Policy]
MaxTicketAge = 10
MaxRenewAge = 7
MaxServiceAge = 600
MaxClockSkew = 5
TicketValidateClient = 1
[Registry Values]
[Profile Description]
Description=NSA Enhanced Security for Windows 2000 Domain Policy. Contains only account policies and one security option.