answersLogoWhite

0

you can use combination of six policies

Configuring Password Policy Settings in an Active Directory-Based Domain

You must be logged on as a member of the Domain Admins group.

To implement password policies on network computers belonging to an Active Directory domain:

1. Navigate to the Control Panel (Start }Settings } Control Panel) and open the `Administrative Tools'.

2. Open the `Active Directory Users and Computers'. Right click on the root container of the domain and select Properties.

3. In the properties dialog, click on the Group Policytab. Then click on New to create a new Group Policy Object (GPO) in the root container.

4. Specify the name of the new group policy (for example, "Domain Policy") and then click on Close.

NOTE: Microsoft recommends that you create a new Group Policy Object rather than editing the default policy (called `Default Domain Policy'). This makes it much easier to recover from serious problems with security settings. If the new security settings create problems, you can temporarily disable the new Group Policy Object until you isolate the settings that caused the problems.

5. Right click on the root container of your domain and select Properties. This will bring up again the Domain Properties dialog.

6. Click on the Group Policy tab, and select the new Group Policy Object Link that you have just created (for example, `Domain Policy').

7. Click on Up to move the new GPO to the top of the list, and then click on Edit to open the Group Policy Object Editor.

8. Expand the Computer Configuration node and navigate to Windows Settings } Security Settings }Account Policies } Password Policy folder.

9. From the right pane, double-click on the `Enforce password history' policy. Then select the `Define this policy setting' option, and set the `Keep password history'value to `24'.

10. Click on the OK button to close the dialog.

11. From the right pane, this time double-click on the `Maximum password age' policy. Then select the `Define this policy setting' option and set the `Password will expire' value to 42 days.

12. Click on OK to close the properties dialog.

13. From the right pane, double-click on the `Minimum password age' policy. Then select the 'Define this policy setting' option and set the `Password can be changed after:' value to `2'.

14. Click on the OK button to close the dialog.

15. From the right pane, double-click on the `Minimum password length' policy. Then select the `Define this policy setting' option and set the value of the `Password must be at least:' entry field to `8'.

16. Click on the OK button to close the dialog.

17. From the right pane, double-click on the `Password must meet complexity requirements' policy. Then enable the `Define this policy setting in the template' option, and select `Enabled'.

18. Click on the OK button to close the dialog.

User Avatar

Wiki User

14y ago

What else can I help you with?

Related Questions

Difference between a Local Group Policy and a Domain Group Policy?

Microsoft recommends that access control to computer resources be administered by using groups. In this way, many users that have similar needs for resources can be dropped into a group that has the correct permissions already configured instead of individually modifying each user account. Group permissions to access resources are configured using group policy. A policy usually addresses one very specific aspect of a system's configuration. There are many policies that can be configured for a group to control system access and behavior. Local group policy addresses only users who are physically logging into one particular machine such as the server itself or a stand alone operating system. To log into a machine locally, a user must create a unique ID/Password pair that authenticates the local user to the local physical system. Once authenticated to the local physical machine, group policy according to which local group the user is assigned is initiated. Domain authentication as well as domain group policy is maintained centrally by the server for the domain. Even if a user has configured a local ID/Password pair for their local physical computer, a different and unique ID/Password pair is created to log onto the domain. When a domain user is created, they also must be assigned to a domain group. Once the server for the domain authenticates the domain user, the policy for the domain group the user belongs to is initiated. These policies are centrally administered by the domain administrator instead of each computer in the domain being configured separately for each user. Domain group policy can be configured to control access and behavior for any resource on the entire domain including resources on client computers. Local group policy can only control what is on the local machine at which a user is sitting. Finally, domain group policy supersedes any local group policy.


After how many days must a domain user change their password by default?

42 Days.


How many user passwords are remembered by a domain controller as part of password history setting by default?

24


I can access web but can't access lan resources on network?

Many times this is because the resources are part of a Windows Domain. Domains have strict security capabilities that will lock computers not part of the domain out. You can have your machine physically on the same network, but not part of the domain, and if that is the case, you will not be able to use domain resources. Ask your tech support goons to either add your machine to the domain, ensure that your current user login is a domain user, and make sure that your password has not expired.


Is cell phone a parallel circuit?

There are many sections in the circuitry of a cellphone that are configured in parallel. There are also many others, in the same phone, that are configured in series.


How many different websites can be configured in IIS?

unlimited


How can define primary domain controller or additional domain controller?

On Windows Server Systems, a domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination. Additional Domain Controller (ADC) or Backup Domain Controller (BDC) is a backup computer hosting DC services to be used as a backup in case your primary DC goes down or is somehow unavailable. The Primary Domain Controller (PDC) and BDC synchronise their data on a regular basis so that either can be used as DC.


When would a PC need to be configured?

When it is new it will initially be configured. When a new operating system is installed, it will be configured. Installing some software or changing some settings may require a little re-configuring. If you are chaning the country settings, for example. If the computer is being connected to a network it may need to be configured. If it is being upgraded it may be configured. If it is having a complete change in usage, maybe as a server instead of a client it may be configured. So there are many reasons when a computer would be configured.


What are some domain names in Australia?

There are many domain names in Australia. Australia.gov is one domain name, as is Australiazoo. There are many different domain names with Australia in the title.


How many WMI filters can be configured per GPO?

1


How many IP address can one Network Interface be configured with?

2


How many host can be configured using a subnet mask 255.255.255.248?

c