Configure Domain Password Policies

In this post, we talk about How-to configure Domain Password Policies.

1. Login to your Domain Controller (or use windows client with installed RSAT). Click on Start button and find in apps list Windows Administrative Tools;

2. Click on Group Policy Management;

3. Find Default Domain Policy (Forest\Domains\<Domain Name>\Group Policy Objects);

4. Right Mouse Button click on Default Domain Policy and select Edit;

5. Go to Password Policy (Computer Configuration\Policies\Windows Settings\Security Settings\Password Policy);

6. Enforce password history – how many passwords system will remember. How many unique passwords user must use when every time reset password;

7. Maximum Password Age – how long will password live. After this period user, will be prompted to reset password. (You may set “0” for “unlimited” age time);

8. Minimum Password Age – user may change password after this period. (You may set “0” for “unlimited” age time);

9. Minimum Password Length – how long will be your passwords, but not less this value;

10. Password must meet complexity requirements – you may set this parameter if you need in very strong passwords (small “a” and big “A” letters, digits “1” and special symbols “!“);

11. Store passwords using reversible encryption – by default not used in domain, only if application required.

Best settings for Password Policies in your organization you setup by yourself.


Configure Domain Password Policy

  • Configure Domain Password Policy 100%
You might also like

Leave a Reply

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More