I FINALLY finished the redesign I wanted to do to the security framework that is available for download from Microsoft. Among the things I added were:

1. User lockout after three unsucccessful attempts. After this occurs the SysAdmin has to unlock the account.
2. Forced password changes after 29 days (interval is defined as a property on the chpasswd form)
3. If the user forgets his/her passwword, the SysAdmin can reset it, blank out the next change date field. This forces the user to change his/her password and the SysAdmin doesn't know what the user's password is.

I had promised to send this to a few members but inadvertantly my e-mail system got hosed so I lost the list of recipients. So if anyone is still interested, send me your e-mail address and I'll forward you a copy. Also if anyone has made modifications I would be interested in seeing them as well.