We currently have a very lax password policy on our network. Our network consists of one AD domain. We would like to force a more stringent password policy. I looked on the domain controller and in the Group Policy Management Console, Domain, Default Domain Policy, (right-click and Edit). Under the Computer Configuration, Windows Settings, Security Settings, Account Policies, Password Policy, all policy settings are Not Defined.
I then look in the Local Security Policy, Security Settings, Account Policies, Password Policy and it shows what we current seem to be using, (Max password age - 365 days, Min password length – 5 characters). I would like to enforce a 90 day max age, 7 characters which must include at least one upper case and one number and perhaps a symbol. Where do I do this? I thought it was in the Group Policy Management Console but the Local Security Policy has me confused.
Note: This was set up before me starting here.
Edit the Default Domain Policy
Then expand Computer Configuration, Windows Settings, Security Settings, Account Policy.
Edit the Password policy and configure:
a) Max password age = 90
b) Min password length = 7
c) Password must meet complexity requirements = Enabled.
Secpol.msc editor only applies to the <u>local PC</u>, not the domain.