Least privilege policy for windows XP

We should never leave the administrator account with a blank password. Users should have the least rights that are needed to perform there tasks. It is recommended to disable the guest account and always browse internet with the least privilege principle applied. For this you need to create a user account with limited rights. You can do this by using computer management.

Right click on My Computer, go to Manage, Local users and Groups.
Right click in the right window pane select new user and specify the username and password.
Uncheck user must change password on next log on and create the user. This user by default will not have admin rights.

Also enforce the password complexity rule in account policies snap in in group policy, Also specify account lock out duration and no of invalid attempts for locking the account. If you enable this policy by default the account will unlock after the time you specified in account lock out duration.

follow the steps mentioned below for password policy configuration:

Go to Start, Run, type gpedit.msc

In the Group Policy Editor and under Computer Configuration, expand Windows Settings, expand Security Settings, expand Account Policies, and then click Password Policies.

Double-click Enforce password history, set the value of Keep password history to 24, and then click OK.

Double-click Maximum password age, set the value of Password will expire in to 42, click OK, and then click OK to accept a suggested value change for the Minimum password age.

Set the minimum password age to 1 or 2

Double-click Minimum password length, set the value to 8, and then click OK.

Double-click Password must meet complexity requirements, select Enabled, and then click OK.

Double-click Store passwords using reversible encryption, select Disabled (default), and then click OK.

password-secure your screen saver

In Group Policy Editor, go to User Configuration, expand Administrative Templates, expand Control Panel, and then click Display.

In the details pane, double-click Password protect the screen saver, select Enabled

Also see Other security settings