01-20-2011, 11:37 AM   #6
Re: Best Security Practices for a Bank Holding Company

Originally Posted by DarthBBerry
Password Pattern Checks - No Restrictions
Maximum Password Age - 90 Days
Maximum Security Timeout - 15 Minutes
With sensitive data, you may want to change that to less; like 5 minutes of inactivity.
Minimum Password Length - 6
Password Required - Yes
Maximum Password History - 4
Suppress Password Echo - Yes
This is debatable. If your user can't remember the password, perhaps actually seeing it on the screen will help. (I've had users say they set the password to 1234567654321 when in actuality it is "wersdfzfdsrew". They were looking at the numbers but not using the ALT key.)
Maximum Password Attempts - 8
If the end user can't remember their password after 6 attempts, they sure as heck ain't gonna get it at 8. My policy is set to 6.
Password Timeout - 15 Minutes

I also recommend that you put a Forbidden Password policy in place. 911 is a no-no in my environment. If you happen to have 911 in part of your password, your device may call 911 Emergency.

Disallow Third Party Applications Downloads - No
You may be opening up for some strange 3rd party apps on devices. I've seen some really bizarre things make an OS go "POOF."

You may want to add:
User Can Change Timeout: No
Content Protection Strength: Strong
External File System Encryption Level: Encrypt to User Password (including multi-media directories)

Some type of password/encryption requirement for Bluetooth if allowed. Otherwise, disable it completely.
Same goes for Smart Card Readers.

Thanks! That is some good information.