Group Policy Object
Last updated
Enforce a password policy, including password complexity, password expiration, and account lockout.
I first opened the Group Policy Management Console (GPMC), then navigated to the Default Domain Policy and selected Edit.
Within the Group Policy Management Editor, I navigated to Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
These are my password policy settings:
Enforce password history: I set it to 10 to prevent reuse of old passwords.
Maximum password age: I set it to 60 days, after which the password must be changed.
Minimum password age: I think 1 day is pretty good.
Minimum password length: 8 characters should be the minimum.
Password must meet complexity requirements: Enabled; the password should include a mix of uppercase and lowercase letters, numbers, and special characters.
Store password using reversible encryption: Disabled, because this option allows the password to be decrypted, which poses a security risk.
Brute-force attacks are really common, and this policy should be configured to protect against them.
I navigated to Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Account Lockout Policy.
For these policy settings, I configured:
Account lockout duration: An account will be locked for 30 minutes after reaching the lockout threshold.
Account lockout threshold: The number of failed login attempts should be 3-5 before the account is locked out.
Reset account lockout counter after: I set it to 15 minutes.
Once finished, I clicked Apply and closed the Editor.
To update the Group Policy settings, I opened PowerShell as administrator and ran the following command: gpupdate /force
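After the refresh, it is worth confirming that the effective domain policy really reflects the GPO values above, since a higher-precedence GPO linked at the domain root could silently override them. The following script is an added example, not part of the original write-up; it assumes the ActiveDirectory PowerShell module (RSAT) is installed and that the account running it can read the domain, and it uses 5 as the lockout threshold (the upper end of the 3-5 range given above).

```powershell
# Added example: audit the effective domain password and lockout policy
# against the values configured in the Default Domain Policy above.
# Assumes the ActiveDirectory module (RSAT) is available on this machine.
Import-Module ActiveDirectory

# Expected values from the write-up. LockoutThreshold is assumed to be 5
# (the top of the 3-5 range); change it if you chose 3 or 4.
$expected = @{
    PasswordHistoryCount        = 10
    MaxPasswordAge              = [TimeSpan]::FromDays(60)
    MinPasswordAge              = [TimeSpan]::FromDays(1)
    MinPasswordLength           = 8
    ComplexityEnabled           = $true
    ReversibleEncryptionEnabled = $false
    LockoutDuration             = [TimeSpan]::FromMinutes(30)
    LockoutThreshold            = 5
    LockoutObservationWindow    = [TimeSpan]::FromMinutes(15)
}

# Reads the policy that is actually in force for the domain, i.e. what the
# domain controllers enforce after the GPO has applied.
$policy = Get-ADDefaultDomainPasswordPolicy

$failures = 0
foreach ($name in $expected.Keys) {
    $actual = $policy.$name
    if ($actual -eq $expected[$name]) {
        Write-Host ("OK       {0,-28} {1}" -f $name, $actual)
    } else {
        Write-Warning ("MISMATCH {0}: expected {1}, got {2}" -f $name, $expected[$name], $actual)
        $failures++
    }
}

if ($failures -eq 0) {
    Write-Host "Effective domain policy matches the configured GPO values."
} else {
    Write-Host "$failures setting(s) differ. Re-run 'gpupdate /force' on a domain controller and check for another GPO with higher precedence linked at the domain root."
}
```

Run it on a domain controller or a domain-joined admin workstation; a mismatch after a successful gpupdate usually means another GPO is winning precedence rather than the edit being wrong.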