Lesson 9.4: Setup password policy using default domain policy

Описание

Setup domain password policy
It will prevent user from simple unsecure password and unauthorized users.
GPO password settings are computer configuration. It is not a user configuration.
It will apply to computer object and user are reside in computer object.


First need to go to group policy management. There is default domain policy which configure password policy. So, if you are going to create new password policy make sure there is default.
Follow the procedure
1. Go to GPO management
2. Window setting
3. Security setting account policies
4. Password policy

Minimum password history: 24 passwords remember, which mean it can remember up to 24 password and if you try to use same password that it will during 1 or 2 attempt to login user account then it won't allow you to use that.
Minimum password age: 60 days
Minimum password age: 0
Minimum password length: 14 characters
Password must meet complexity requirement: enable
Store password using reversible encryption: Disable (Make sure its disable, huge vulnerability)
5. Account lockout policy
• Account lockout duration: 30min (Account will be lock for 30min)
• Account lockout threshold: 3 invalid logon attempts
• Reset account lockout counter after: 30min ( user can reset password after 30min)