Password Policies. Once again.

Recently in the newsgroups (news:microsoft.public.security, to be specific) the question of password polices and the out-of-box defaults came up. The poster lamented a number of things: that Microsoft doesn't enable account lockout by default, that they don't have a built-in mechanism for automatically disabling unused accounts, that the 42-day default expiration is troublesome.
Password Policies. Once again.