Configuring Password Policies with Windows Server 2016

What is Password Policy? 

Password policy is the policy which is used to restrict some credentials on windows server 2016 and previous versions of Server 2012, 2008 and 2003.

A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy is often part of an organization’s official regulations and may be taught as part of security awareness training. The password policy may either be advisory or mandated by technical means. Some governments have national authentication frameworks that define requirements for user authentication to government services, including requirements for passwords. So follow the under instructions to know how to configure password policy with windows server 2016. “Wikipedia

How to Configure Password Policies with Windows Server 2016?

You can open up Group Policy Management Editor into three various ways.

First Method: press windows key and type control panel and now select administrative tools and then select local security policy. A new window will pop up, click account policies, Password Policy. Here you will see about six policies. If you don’t want to use graphical way just type gpedit.msc on the RUN window then hit enter. Now go to this path. Computer Configuration/Windows Settings/Security Settings/Password Policy.

Local Group Policy Editor

Local Group Policy Editor

Second Method: If you don’t want to use graphical way just type gpedit.msc on the RUN window then hit enter. Now go to this path. Computer Configuration>Windows Settings>Security Settings>Password Policy.

Group Policy Editor

Group Policy Editor

Third Method: Open Server Manager and click on Tools. Scroll down until you see the GPO (Group Policy Management). Right, click on the Domain then choose Edit. Now you will see the same window like before. Go to Computer Configuration> Windows Settings> Security Settings> Password Policy.

These were three different ways that you can apply password policy on the network computers.

What is Enforce Password History?

Enforce password history is the policy that don’t allow the users to use the same password for many times. For example Once your Device password is Admin, and for the next time, you can’t use this password for login on your computer. After some months or year, it may expire. When it is expired, so you must use another password. Here I have set it to 10 times. It means that I can’t use my old password less than 10 times. In ten times I must use a different password. After 10 times, I can use my first password. For more information look at the chart below.

Enforce Password History rules

Enforce Password History rules

What is Maximum password Age?

This security setting determines the period of time in days that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 to 999, or you can specify that passwords never expires by setting the number of days to 0. If the maximum password age is between 1 and 999 days. the minimum password age must be less than the maximum password age. If the maximum password age is set to 0. The minimum password age can be any value between 0 and 998 days.

Maximum Password Age

Maximum Password Age

Note: It is a security best practice to have passwords expire every 30 to 90 days, depending on your environment. This way, an attacker has a limited amount of time in which to crack user’s password and have access to your network resources.

What is Minimum Password Age?

The minimum password age must be less than the maximum password age unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 to 998. It’s very important that you have to use the minimum password age. If you don’t use, the user may cycle the password history till they get their old favorite password. If you set the minimum password age, so they will not change their password quickly.

Minimum Password Age

Minimum Password Age

What is Minimum Password Length?

This is security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or establish that no password is required by setting the number of characters to 0.  Here I have set up to 8 characters. Mostly you see this policy on websites or social accounts.

Minimum Password Length

Minimum Password Length

What are Password Complexity Requirements?

If this policy is enabled, passwords must meet the following minimum requirements.

  1. Be at least six characters in length
  2. Contain characters from three of the following four categories
  3. English uppercase letters (A through Z)
  4. English Lowercase letters (a through z)
  5. Base 10 digit (0 through 9)
  6. Non-alphabetic characters ( !,@,#,$,%&,*)
Password Must Meet Complexity Requirements

Password Must Meet Complexity Requirements

It’s very useful and restrict vulnerabilities. You can see this policy when you create an Apple ID.

Store passwords Using Reversible Encryption

This policy provides support for applications that use protocols that require knowledge of the user’s password for authentication purposes. Storing passwords using reversible encryption is essentially the same as storing plaintext versions of the passwords. For this reason, this policy should never be enabled unless application requirements outweigh the need to protect password information. Simply I should tell you when you enabled this option, it will encrypt the password and no-one can access to your password very easily.

Store Passwords Using Reversible Encryption

Store Passwords Using Reversible Encryption

It was all about how to configure password policies with windows server 2016. It does not only work on windows server 2016 but also work on later versions. Thanks for being with us.

4 Comments

  1. Guru
  2. Mahesh

Leave a Reply