Solved

Password setting in Windows Server 2012

Posted on 2016-10-11
9
31 Views
Last Modified: 2016-10-21
I am currently working on a check list for password related settings in different operating systems. Can someone help me with the exact command/settings for Windows Server 2012?

Password requirement                                            Operating system command/setting for Windows Server 2012 ver x


Password must contain at least 15 characters
0
Comment
Question by:ubat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 4

Accepted Solution

by:
reredok earned 167 total points
ID: 41838340
For AD use Group Policy - Windows Settings - Account Settings - .... Password length etc.
Domain-Policy - AD --> independent from OS (Windows XP, Vist, 8.1, 10...)
For stand alone Server user GPEDIT.MSC
0
 
LVL 4

Author Comment

by:ubat
ID: 41838360
Thanks. Can the setting be scripted? E.g. in AIX 7.1 the command for password length is minlen=8, do a similar command exist in Windows Server 2012?
0
 
LVL 4

Author Comment

by:ubat
ID: 41838362
To be precise minlen = minimum length 8 = 8 characters. Hence what is the command in Windows for 15 characters?
0
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

 
LVL 41

Assisted Solution

by:Adam Brown
Adam Brown earned 167 total points
ID: 41838394
There isn't a single command that will do that for individual computers. Windows usually has two different types of accounts you can work with, Domain accounts and Local accounts. Domain accounts apply to all computers on a Windows Domain while Local accounts apply to specific computers. It's possible to modify the Domain account password policies on a Windows 2012 Domain Controller with Powershell using set-addefaultdomainpasswordpolicy: https://technet.microsoft.com/en-us/library/ee617251.aspx 

But there is, currently, no command included by default in windows that will do the same for a local account. There are scripts that can accomplish the task and downloadable powershell modules that can do it, but nothing straight out of the box can.
0
 
LVL 55

Assisted Solution

by:McKnife
McKnife earned 166 total points
ID: 41838451
When we are talking about domain accounts, you cannot use local settings, these are simply not even evaluated by the system.
So you need to set this in the default domain GPO. Settings in there would apply to all accounts, local accounts, too.

If however you want to govern local accounts only (and NOT domain accounts), you could use the local policies and yes, there exist commands to setup password requirements.
0
 
LVL 4

Author Comment

by:ubat
ID: 41838460
>If however you want to govern local accounts only (and NOT domain accounts), you could use the local policies and yes, there exist commands to setup password requirements.

So I guess my question(s) should be,

1. Please define the exact commands (settings?) to be used for setting up a password requirement for "password must be minimum 15 characters". This both for local accounts as well as the domain GPO.

2. Where can I find the documentation for this?
2b In addition to https://technet.microsoft.com/en-us/library/ee617251.aspx should I read/look up something else?
0
 
LVL 55

Expert Comment

by:McKnife
ID: 41838476
You don't use command for that, why should you, GPO is much faster to setup?
0
 
LVL 4

Author Comment

by:ubat
ID: 41838519
What I am trying to do is to write a password "policy" document with real world examples  from different operating systems.
The requirement(s) as stated in words are e.g. Privileged user must have password length of minimum 15 characters.
This can be translated into "pseudocode" e.g. password length >= 15 characters
Which then needs to be translated into the actual way of implementing the requirement in the operating system.
(Finally a way of checking is needed to ensure thtat whatever is supposed to have been installed/implemented/set up/scripted actually IS existing in the configuration. e.g. by using a scanner, Qualys of something else e.g. a script.)

The first step is to determine the "pseudocode" for a requirement
The second step is to determine if the requirement can be implemented in each/a given operating system / version
The third step is to clearly define the "settings" for
Windows Server 2008, 2012 etc
AIX 7.1
Solaris
IBM i
etc

e.g. Password Requirement  = minimum 15 characters
The setting to implement this in,
AIX is minlen=15
Windows Server 2012 is
OpenBSD 9 is
Solaris ver x is
etc

In the end I am going to end up with a spread sheet/a matrix. The aim of which is to clearly define to management as well as to technicians/administrators WHY, WHAT and HOW it should be done.

For windows Server 2012 it seems to be the case that the command/the setting can be Set-ADDefaultDomainPasswordPolicy (and a lot of "switches". Is this correct? Or what am I missing?

Note: I am not (yet) familiar with GPO:s in the Windows world... There is/must be a whole lot else I don't know...
0
 
LVL 55

Expert Comment

by:McKnife
ID: 41838772
ubat, though I see "you have a plan", I think you are not processing it in the correct order.
First, you need some knowledge about AD. You cannot judge comments here, even.
You need to understand
-why the pw policy is special
-why normally, no one would use commands to tune it
-that there are even two styles of password policies, the legacy one and the PSO one (google pso and GPO together) - the PSO can be applied to users, while the GPO can only be applied to each and any user.
-that here, the client OS does not even matter
-that the server OS does matter (because PSOs need a server 2008R2 or higher)
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question