In this post, we talk about How-to configure Domain Password Policies.
1. Login to your Domain Controller (or use windows client with installed RSAT). Click on Start button and find in apps list Windows Administrative Tools;
2. Click on Group Policy Management;
3. Find Default Domain Policy (Forest\Domains\<Domain Name>\Group Policy Objects);
4. Right Mouse Button click on Default Domain Policy and select Edit;
5. Go to Password Policy (Computer Configuration\Policies\Windows Settings\Security Settings\Password Policy);
6. Enforce password history – how many passwords system will remember. How many unique passwords user must use when every time reset password;
7. Maximum Password Age – how long will password live. After this period user, will be prompted to reset password. (You may set “0” for “unlimited” age time);
8. Minimum Password Age – user may change password after this period. (You may set “0” for “unlimited” age time);
9. Minimum Password Length – how long will be your passwords, but not less this value;
10. Password must meet complexity requirements – you may set this parameter if you need in very strong passwords (small “a” and big “A” letters, digits “1” and special symbols “!“);
11. Store passwords using reversible encryption – by default not used in domain, only if application required.
Best settings for Password Policies in your organization you setup by yourself.