Table of ContentsPreviousNextIndex

Configuring Password Policy Settings in an Active Directory-Based Domain

NOTE: You must be logged on as a member of the Domain Admins group.

To implement password policies on network computers belonging to an Active Directory domain:

1. Navigate to the Control Panel (Start } Settings } Control Panel) and open the `Administrative Tools'.

Screenshot 141 - Active Directory Users and Computers configuration dialog

2. Open the `Active Directory Users and Computers'. Right click on the root container of the domain and select Properties.

Screenshot 142 - Configuring a new Group Policy Object (GPO)

3. In the properties dialog, click on the Group Policy tab. Then click on New to create a new Group Policy Object (GPO) in the root container.

4. Specify the name of the new group policy (for example, "Domain Policy") and then click on Close.

NOTE: Microsoft recommends that you create a new Group Policy Object rather than editing the default policy (called `Default Domain Policy'). This makes it much easier to recover from serious problems with security settings. If the new security settings create problems, you can temporarily disable the new Group Policy Object until you isolate the settings that caused the problems.

5. Right click on the root container of your domain and select Properties. This will bring up again the Domain Properties dialog.

6. Click on the Group Policy tab, and select the new Group Policy Object Link that you have just created (for example, `Domain Policy').

7. Click on Up to move the new GPO to the top of the list, and then click on Edit to open the Group Policy Object Editor.

Screenshot 143 - The Group Policy Object Editor

8. Expand the Computer Configuration node and navigate to Windows Settings } Security Settings } Account Policies } Password Policy folder.

Screenshot 144 - Configure the GPO password history

9. From the right pane, double-click on the `Enforce password history' policy. Then select the `Define this policy setting' option, and set the `Keep password history' value to `24'.

10. Click on the OK button to close the dialog.

Screenshot 145 - Configuring GPO password expiry

11. From the right pane, this time double-click on the `Maximum password age' policy. Then select the `Define this policy setting' option and set the `Password will expire' value to 42 days.

12. Click on OK to close the properties dialog.

Screenshot 146 - Configuring the minimum password age

13. From the right pane, double-click on the `Minimum password age' policy. Then select the 'Define this policy setting' option and set the `Password can be changed after:' value to `2'.

14. Click on the OK button to close the dialog.

Screenshot 147 - Configuring the minimum number of characters in a password

15. From the right pane, double-click on the `Minimum password length' policy. Then select the `Define this policy setting' option and set the value of the `Password must be at least:' entry field to `8'.

16. Click on the OK button to close the dialog.

Screenshot 148 - Enforcing password complexity

17. From the right pane, double-click on the `Password must meet complexity requirements' policy. Then enable the `Define this policy setting in the template' option, and select `Enabled'.

18. Click on the OK button to close the dialog.

19. At this stage the password policy settings of the new GPO have been configured. Close all dialogs and exit the `Active Directory Users and Computers' configuration dialog.


Table of ContentsPreviousNextIndex