Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Set up a secure password system
Introduce
Most users who log on to their local PC or remote computers often use a combination of username and a password entered from the keyboard. Although there are many other techniques for authentication, such as smart cards, biometrics, or login password of operating systems, most organizations still depend on traditional passwords and still will continue in the coming years. So finding a good password and imposing a password on computers is an important and necessary issue for organizations. A good password must be a password with a certain amount of complexity - including length and type of characters - to make passwords more difficult to guess than password criminals. Setting up a good password policy for your organization can help prevent an attacker from playing the role of a legitimate user and thereby prevent data loss, sensitive information disclosure. In this article we will explain how to implement a password policy on computers running Microsoft Windows 2000, Windows XP, and Windows Server 2003 operating systems.
Depending on whether the computer in the organization is a member of the Active Directory, standalone computer, or both cases to enforce good password policies, you must perform one or two tasks below:
- Configure password policy settings in Active Directory Domain.
- Configure settings on stand-alone computers.
Once you have configured the appropriate password settings, the users in your organization will be able to create new passwords that meet length and complexity and users will not be able to immediately change their new passwords.
Note : All specific step-by-step instructions in this document have been developed using the default Start menu when installing the operating system. If you have changed the Start menu, the steps may be slightly different.
Before start
Before you can configure password settings on a network computer, you need to see what settings are involved, specify the values to use for these settings, and understand Windows to store password configuration settings. where.
Note : Windows 95, Windows 98, and Windows Millennium Edition operating systems do not support advanced security features such as password settings. If your network consists of stand-alone computers (computers not related to a domain) running these operating systems, you won't be able to set this password function on them. If the network of computers running this operating system is a member of the Active Directory directory service domain, you can enforce password settings at the domain level.
Identify settings related to passwords
For Windows 2000, Windows XP, and Windows Server 2003, there are five settings that you have to configure regarding password properties: Enforce password history , Maximum password age , Minimum password age , Minimum password length , and Must meet complexity. requirements .
- Enforce password history indicates the number of new passwords a user must use before an old password is reused. The value of this setting can be between 0 and 24; If this value is set to 0, enforce password history is disabled. For most organizations usually set this value to 24.
- Maximum password age indicates how many days a password can be used before a user is asked to change it. This value is between 0 and 99; if it is set to 0, passwords will never expire. Setting this value too low can cause a loss of effectiveness for users; otherwise this value is too high or disabling them, it will allow attackers to have more time to identify the passwords. For most organizations, this value is set to 42 days.
- Minimum password age indicates how many days a user must keep new passwords before they can change them. This setting is designed to work with the Enforce password history setting so that users cannot quickly reset their passwords and then change their old passwords again. The value of this setting can be from 0 to 999; If it is set to 0, the user can immediately change the new password. We recommend setting this value to 2 days.
- Minimum password length indicates how the minimum length of passwords is. Although Windows 2000, Windows XP and Windows Server 2003 support passwords with up to 28 characters, the value of this setting is only between 0 and 4 characters. If set to 0, the user is allowed to have blank passwords, so you should not use the value 0. In this case we recommend using 8 characters.
- Passwords must meet complexity requirements ( complexity requirements ) show how complex the passwords are required. If this setting is enabled then the user password should follow the requirements below.
- Password must be at least 6 characters long
- The password consists of at least three characters in the following five categories:
- Uppercase characters in the alphabet (AZ)
- Lowercase letters in the alphabet (az)
- 10 basic digits (0 - 9)
- Special characters (eg:!, $, #, Or%)
- Unicode characters
-
- Passwords are no more than three characters in the user account name.
If the account name is less than three characters, this test will not be performed because the speed of these passwords will be removed too high. When checking looks at a number of characters as separators to separate names into separate sections: commas, dots, dashes / hyphens, underlines, 'space' keys, pound symbols and tab keys. When those parts are longer than 3 characters, they are searched in the password; If it appears, the password will be disqualified. For example, the name "Erin M. Hagens" will be divided into three parts: "Erin", "M" and "Hagens". Because the second part has one character, it is ignored. So this user cannot have a password including "erin" or "hagens" as a substring anywhere in the password. All these tests are very sensitive.
Complex requirements are required for password changes or new creation. We recommend enabling this setting.
-
Find out how the Windows operating system stores password configuration information
Before you implement the organization's password policies, you should learn a little about how the password configuration information is stored in Windows 2000, Windows XP and Windows Server 2003. This is necessary because Because password storage techniques limit the number of different password policies you can implement and influence.
They can be a simple policy for each account database. An Active Directory domain is treated as a single account database, as a stand-alone local account database in the computer. Computers that are members of this domain also have a local account database, but most organizations that have deployed Active Directory domains require users to log on to their computers and the network using use domain-based accounts. So if you specify a minimum password length of 14 characters for the domain, all domain users must use a password that has more than 14 characters. To set up other requests for a specific number of users you must create a new domain for their accounts.
Active Directory domains use Group Policy objects (GPOs) to store a variety of configuration information including password policy settings. Although Active Directory is a hierarchical directory service, they support multiple classes of 'organizational units' (OUs) and multiple GPOs, so the password policy settings for the domain must be defined in a significant way. Original 'container' for domain. When the first domain controller created for a new Active Directory domain will have two GPOs created automatically: the default domain policy GPO and the default domain controller GPO policy. The default domain policy is linked to the original 'container'. It includes several important domain-wide settings including default password policy settings. The default domain control policy is linked to domain controllers OU and includes initial security settings for domain controllers.
A best practice solution to avoid changing the GPOs attached. If you need to apply password policy settings that are dispersed into default settings, you should create a new GPO and link it to the original 'container' or to the OU domain controller and assign it at the preferred level. Advanced is higher than the attached GPO: if there are two GPOs that conflict with the settings linked to the original 'container', the high priority GPO will take precedence.
See section II: Step by step implementation of password policy settings
David PacYou should read it
- 3 ways to display passwords *** on the browser is extremely simple
- The best password management software today
- List of easy passwords to crack in 2023, in less than a second
- How to set an app password on Windows 10
- How do websites protect your passwords?
- How to create secure passwords on Fastword
- Summary of how to create strong passwords and manage the most secure passwords
- What happens to passwords when you delete a password manager app?
May be interested
- How to set a Windows 10 password, set a password for Windows 10 computer
if you want to secure everything on your computer, setting a windows 10 password is a good suggestion for you. this way helps us better protect data and information stored on the computer. logging into a computer system running windows 10 will have an additional layer of security. - How to create a safe, secure passwordto avoid account theft, or being impersonated ... you need to know how to set a strong password for each of your accounts.
- How do websites protect your passwords?how do websites store your passwords? how do they keep your logins secure? and what is the most secure method websites can use to track your passwords?
- How to set a super strong iPhone password to hackers is also 'bundled'you want to keep your iphone secure when others hold the phone without worrying about reading messages, viewing images or data in their computers but don't know what to do? the simplest way to do that is to set a password for your iphone. please refer to our instructions below.
- A Strong Password Isn't Invulnerable: It's Still Vulnerable to These 7 Attacks!we're often told that a combination of uppercase letters, numbers, and special characters can keep our accounts secure. while that's good advice, it's important to realize that even the strongest password isn't perfect.
- Is it more secure to store passwords with hardware or software?between hardware and software password storage, which is more secure? is one option superior to the other in terms of security?
- How to Safely Backup Your Password Managerafter years of relying on password managers, you know that even these trusted digital vaults are not immune to errors. when your password manager crashes or locks you out unexpectedly, backups become essential.
- Password setting tools for PDF filesdid you know you can password protect pdf files? this pdf feature is appropriate when emailing important documents and contracts. this article will introduce you to some free tools and pay a password for pdf files.
- How to set Excel password to secure data filesetting up excel password has many ways, from simple to use excel's built-in password feature to use vba. below tipsmake.com will show you the most basic ways to protect your excel file.
- Change the forgotten password on Windows 8if you are a user with administrator rights on your computer and unfortunately you forgot your password, your computer will be locked. if that happens, in the usual way you will have to reinstall the system or restore the password using some third-party tools.
Step by step implementation of password policy settings
Malware will not be detected
How to be safe on a wireless network
Methods of protecting personal information with solid passwords
Security tool all in one
Apache 2.0 with SSL / TLS protocol: Step by step instructions