Edit the default domain policy in the group policy editor. Under computer settings, you'll find the security settings (I don't have a DC in front of me at the moment) and you can set them in there.
Last Wiki Answer Submitted: September 15, 2010 7:10 pm by Denny Cherry (64,520 pts).
All Answer Wiki Contributors: Denny Cherry (64,520 pts).
The answer above is technically correct; however, it is best practice to create a custom GPO and not edit the Default Domain Policy. Ensure you link your GPO at the domain root or the settings will apply only to local accounts on the computers within the Scope Of Management for the policy. Also ensure your policy has a higher priority in the link order and therefore applies after the DDP.
The settings you’ll need to configure are:
Computer Configuration\Windows Settings\Account Policies\Password Policy
Enforce password history
Computer Configuration\Windows Settings\Account Policies\Password Policy
Maximum password age
Computer Configuration\Windows Settings\Account Policies\Password Policy
Minimum password age
Computer Configuration\Windows Settings\Account Policies\Password Policy
Minimum password length
Computer Configuration\Windows Settings\Account Policies\Password Policy
Password must meet complexity requirement
Computer Configuration\Windows Settings\Account Policies\Password Policy
Store passwords using reversible encryption for all users in the domain
Computer Configuration\Windows Settings\Account Policies\Account Lockout Policy
Account lockout duration
Computer Configuration\Windows Settings\Account Policies\Account Lockout Policy
Account lockout threshold
Computer Configuration\Windows Settings\Account Policies\Account Lockout Policy
Reset lockout counter after
I advise a minimum length of 8 characters, with complexity switched on. Expire passwords (maximum password age) every 30 days and have a minimum of 1 day before they can be changed (to avoid cycling passwords). Remember the last 24 passwords. And teach your users how to use passphrases!
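One way to verify the outcome once the custom GPO has applied, as an added example that is not part of either answer: it compares the domain's password policy with the values advised above and checks that the custom GPO's link at the domain root outranks the Default Domain Policy. The helper names, the GPO name `Custom Domain Password Policy` and the sample objects are assumptions made for the illustration; the property names are those returned by `Get-ADDefaultDomainPasswordPolicy` and `Get-GPInheritance`.

```powershell
# Values advised in the answer above (no lockout values are given there, so none are checked).
$Expected = [ordered]@{
    MinPasswordLength    = 8
    ComplexityEnabled    = $true
    MaxPasswordAge       = [TimeSpan]::FromDays(30)
    MinPasswordAge       = [TimeSpan]::FromDays(1)
    PasswordHistoryCount = 24
}

# Hypothetical helper: one result row per setting, with a Match flag.
function Compare-PasswordPolicy {
    param([Parameter(Mandatory)] $Policy,
          [Parameter(Mandatory)] [System.Collections.IDictionary] $Expected)
    foreach ($name in $Expected.Keys) {
        [pscustomobject]@{
            Setting  = $name
            Expected = $Expected[$name]
            Actual   = $Policy.$name
            Match    = ($Policy.$name -eq $Expected[$name])
        }
    }
}

# Hypothetical helper: $true when the custom GPO wins over the DDP at the domain root.
# Link Order 1 is the highest precedence; an enforced link beats a non-enforced one.
function Test-LinkPrecedence {
    param([Parameter(Mandatory)] $GpoLinks,
          [Parameter(Mandatory)] [string] $CustomGpoName)
    $custom = $GpoLinks | Where-Object { $_.DisplayName -eq $CustomGpoName -and $_.Enabled }
    $ddp    = $GpoLinks | Where-Object { $_.DisplayName -eq 'Default Domain Policy' -and $_.Enabled }
    if (-not $custom) { return $false }   # not linked, or link disabled, at the domain root
    if (-not $ddp)    { return $true }
    if ($ddp.Enforced -and -not $custom.Enforced) { return $false }
    if ($custom.Enforced -and -not $ddp.Enforced) { return $true }
    return ($custom.Order -lt $ddp.Order)
}

# Constructed sample data so the script runs without a domain controller.
$samplePolicy = [pscustomobject]@{
    MinPasswordLength = 7; ComplexityEnabled = $true; PasswordHistoryCount = 24
    MaxPasswordAge = [TimeSpan]::FromDays(42); MinPasswordAge = [TimeSpan]::FromDays(1)
}
$sampleLinks = @(
    [pscustomobject]@{ DisplayName = 'Default Domain Policy';         Order = 1; Enabled = $true; Enforced = $false }
    [pscustomobject]@{ DisplayName = 'Custom Domain Password Policy'; Order = 2; Enabled = $true; Enforced = $false }
)
Compare-PasswordPolicy -Policy $samplePolicy -Expected $Expected | Format-Table -AutoSize
Test-LinkPrecedence -GpoLinks $sampleLinks -CustomGpoName 'Custom Domain Password Policy'
```

Against a live domain (RSAT ActiveDirectory and GroupPolicy modules), pass `Get-ADDefaultDomainPasswordPolicy` as `-Policy` and `(Get-GPInheritance -Target (Get-ADDomain).DistinguishedName).GpoLinks` as `-GpoLinks`. With the sample data the length and maximum-age rows do not match and the precedence check returns `False`, because the custom GPO is linked below the DDP.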