Step by step implementation of password policy settings
Review part I: Set up a secure password system
In this section we will provide you with step-by-step instructions on advanced security by implementing password settings on the computers in your organization.
- Configure password policy settings in an Active Directory-based domain
- Configure password policy settings on individual computers
Configure password policy settings in an Active Directory domain
Request
• Requirements : You must be logged in as a member of the domain admin group.
• Tools : Active Directory Users and Computers
• To enforce password policies on the computer system of an Active Directory domain
- Go to Start > Control Panel , double-click Administrative Tools, and then double-click Active Directory Users and Computers .
- Right-click on the domain root
- Select Properties from the menu that appears:
Note : The image in this document is a test environment and information may change with the information displayed on your screen. - In the properties dialog box, select the Group Policy tab, and then click New to create a new group policy object in the domain root. Enter " Domain Policy " for the name of the new policy and then click Close .
Note : Microsoft recommends that you create a new Group Policy object instead of editing the so-called Default Domain Policy because it is easier to recover important issues with security settings. . If new security settings cause problems, you can temporarily disable the new Group Policy object until you isolate those settings. - Right-click on the domain root, then click Properties .
- In the properties dialog box, click the Group Policy tab, and then select Domain Policy .
- Click Up to move the new GPO to the top of the list, then click Edit to open the Group Policy Object Editor for the GPO you created.
- Under Computer Configuration , navigate to the Windows SettingsSecurity SettingsAccount PoliciesPassword Policy folder
- In the details pane, double-click Enforce password history , select Define this policy setting , set the value of Keep password history to 24 and then click OK .
- In the details window, double-click Maximum password age , select Define this policy setting and set the value of Password will expire in 42 , click OK then click OK to close the Suggested Value Changes window that appears.
- In the details window, double-click Minimum Password Age , select Define this policy setting and set the value of Password to be changed after is 2 and then click OK .
- In the details window, click Double Minimum Password Length , select Define this policy setting and set the value of the Password to be at least 8 and then click OK .
- In the details window, double-click Password must meet complexity requirements , select Define this policy setting in the template , select Enabled then click OK .
- Close the Group Policy Object Editor , click OK to close the domain properties dialog box, and then exit Active Directory Users and Computers .
Check for new settings
Use the procedure below to check if the appropriate password policy settings have been accepted and valid in the GPO Domain Policy. Check their settings and operations to make sure that the correct password policies are applied to domain users.
Request
• Requirements : You must be logged in as a member of the Domain Admins group
• Tools : Active Directory Users and Computers.
• To check password policy settings for an Active Directory domain
- Open Active Directory Users and Computers , right-click your domain, then click Properties .
- In the properties dialog box, click the Group Policy tab, select the Domain Policy GPO, and then click Edit to open the Group Policy Object Editor .
- Under Computer Configuration , go to the Windows SettingsSecurity SettingsAccount PoliciesPassword Policy folder and check if your settings are correct with the settings shown here:
- Close the Group Policy Object Editor , click OK to close the properties dialog for your domain, then exit Active Directory Users and Computers .
- Checking to ensure that users cannot specify passwords shorter than 8 characters, unable to create complex passwords and cannot immediately change their new passwords.
Configure password policy settings on stand-alone computers
Request
• Requirements : You must be logged in as a member of the Administrators group.
• Tool : Local Security Policy.
• To implement password policy on non-Active Directory computer systems, proceed as follows:
- Go to Start , click Control Panel , double-click Administrative Tools and then double-click Local Security Policy .
- Navigate to the Account PoliciesPassword Policy folder.
- In the details window, double-click Enforce password history , set the value of Keep password history to 24 , and then click OK .
- In the details window, double-click Maximum password age , set the value of Password will expire in to 24 , and then click OK .
- In the details window, double click on Minimum Password Age , set the value of Password can be changed after 2 , then click OK .
- In the details window, double click on Minimum Password Length , set the value of Password to be at least 8 , then click OK .
- In the details window, double-click the Password must meet complexity requirements , select Enabled, and then click OK .
- Close Local Security Policy .
Check for new settings
Request
• Requirements : You must be logged in as a member of the Administrators group.
• Tool : Local Security Policy.
• To check password policy settings for this computer system, follow these steps:
- Open Local Security Policy , navigate to the Account PoliciesPassword Policy folder and check if your settings are correct for the settings shown here:
- Close Local Security Policy .
- Check to ensure that users cannot specify passwords that are shorter than 8 characters, cannot create non-complex passwords, and cannot change their new passwords immediately.
You should read it
- Top 5 security settings in Group Policy of Windows Server 2008
- Turn off password display in Windows 8 when logging in
- 10 important Windows Group Policy settings need to be done immediately
- How to Remove a Password on Windows
- How to Change Your Password in Windows 8
- How to check and access UEFI settings on Windows 10
- Configure App-V with Group Policy Objects
- How to Turn Off Password Login on a Mac
May be interested
- Malware will not be detecteda security researcher specializing in rootkits has successfully developed a prototype of a new technology that enables the creation of '100% invisible' malware, even for x64 systems like windows vista.
- How to be safe on a wireless networkmost people enjoy the benefits of wireless technology. wireless networks obviously bring many advantages to users, and they can be vulnerable if you don't have security.
- Methods of protecting personal information with solid passwordspassword is the key that you use to access personal information that you have saved on your computer and in your online account. if thieves or other dangerous users steal this information, they can use t & ec
- Security tool all in onethe worm can spread through spam and spyware that can seed trojans, a series of new threats that will no longer be clearly differentiated. in response, security software incorporates many different tools to keep your pc safe.
- Apache 2.0 with SSL / TLS protocol: Step by step instructionsfor more than ten years, the ssl protocol has been widely used to ensure the safety of web transactions over the internet. you can imagine millions of dollars every day, billions of dollars of transactions on the network using ssl. however, the simple truth is us
- Secure data in USB cardwe store everything from good music to important documents and there are also some documents that are your own secret, it's unfortunate that someone can read what you don't want the world to know that now he is