Viewing the Password Policy Settings of an Active Directory-Based Domain

NOTE: You must be logged on as a member of the Domain Admins group.

Use the following procedure to verify that the appropriate password policy settings are applied and effective in the Domain Policy GPO. Verifying the settings and their operation ensures that the correct password policies will be applied to all users in the domain.

To verify password policy settings for an Active Directory domain

1. Navigate to the Control Panel (Start } Settings } Control Panel) and open the `Administrative Tools'.

2. Open the `Active Directory Users and Computers'. Right click on the root container of the domain and select Properties.

3. Click on the Group Policy tab. Then select the GPO to be checked (for example, `Domain Policy GPO') and click on Edit to open the Group Policy Object Editor.

4. Expand the Computer Configuration node and navigate to Windows Settings } Security Settings } Account Policies } Password Policy folder.

Screenshot 149 - Verifying the GPO settings

The password policy configuration settings are displayed in the right pane of the GPO editor. Assuming that you have configured the password policy of your GPO as shown in the above screenshot, you should verify that users cannot specify passwords that are shorter than eight characters. These password policy settings should also prevent users from create non-complex passwords, and should not allow users to change passwords which are not older than two days.