mutec1
asked on
Window group policy
What can happen on a Window domain if you do not define your Audit policy.
Can that make your Windows domain weak?
Can that make your Windows domain weak?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I'm not sure what you mean exactly? Perpahps this ?
Password Policies
To modify the Password Policy on the domain, Click START->Programs->Administr
Expand Account Policies->Password Policy
The settings are:-
Enforce Password History: (Default 24) - Stops you using the same password each time by remembering previous passwords you have used.
Maximum Password Age: (Default 42) - Forces users to make up a new password at the specified interval - 0 = never expires (unless the account is marked "Password does not expire")
Minimum Password Age: (Default 0) - Passwords must be at least this age before they can be changed (stops user changing passwords too often)
Minimum Password Length (Default 8) - Passwords must have at least this number of characters
Password Must Meet Complexity Requirements: (Default Enabled) : in enabled Passwords must contain:-
At least one letter A-Z
At least one letter a-z
At least one number 0 - 9
At least one character that is neither a letter or a number
Store Passwords Using Reversible Encryption: (Default Disabled): May occasionally be required for interoperability with some non-Microsoft Systems.
Account Policies
Lockout Duration
The amount of time the password remains locked out (0 = forever - must be unlocked by admin)
Lockout Threshold
The number of attempts allowed
Reset counter after
Attempt count is reset to 0 after this period
Example if
Lockout Duration = 30
Lockout Threshold = 3
Reset counter after = 15
Then you can try up to three times in any 15 minute period, get it wrong 3 times in the 15 min period and you get locked out for 30mins. Nothing to stop you trying twice, waiting 15min and trying another twice&
Password Policies
To modify the Password Policy on the domain, Click START->Programs->Administr
Expand Account Policies->Password Policy
The settings are:-
Enforce Password History: (Default 24) - Stops you using the same password each time by remembering previous passwords you have used.
Maximum Password Age: (Default 42) - Forces users to make up a new password at the specified interval - 0 = never expires (unless the account is marked "Password does not expire")
Minimum Password Age: (Default 0) - Passwords must be at least this age before they can be changed (stops user changing passwords too often)
Minimum Password Length (Default 8) - Passwords must have at least this number of characters
Password Must Meet Complexity Requirements: (Default Enabled) : in enabled Passwords must contain:-
At least one letter A-Z
At least one letter a-z
At least one number 0 - 9
At least one character that is neither a letter or a number
Store Passwords Using Reversible Encryption: (Default Disabled): May occasionally be required for interoperability with some non-Microsoft Systems.
Account Policies
Lockout Duration
The amount of time the password remains locked out (0 = forever - must be unlocked by admin)
Lockout Threshold
The number of attempts allowed
Reset counter after
Attempt count is reset to 0 after this period
Example if
Lockout Duration = 30
Lockout Threshold = 3
Reset counter after = 15
Then you can try up to three times in any 15 minute period, get it wrong 3 times in the 15 min period and you get locked out for 30mins. Nothing to stop you trying twice, waiting 15min and trying another twice&
ASKER