Solved

Password setting in Windows Server 2012

Posted on 2016-10-11
9
25 Views
Last Modified: 2016-10-21
I am currently working on a check list for password related settings in different operating systems. Can someone help me with the exact command/settings for Windows Server 2012?

Password requirement                                            Operating system command/setting for Windows Server 2012 ver x


Password must contain at least 15 characters
0
Comment
Question by:ubat
9 Comments
 
LVL 4

Accepted Solution

by:
reredok earned 167 total points
ID: 41838340
For AD use Group Policy - Windows Settings - Account Settings - .... Password length etc.
Domain-Policy - AD --> independent from OS (Windows XP, Vist, 8.1, 10...)
For stand alone Server user GPEDIT.MSC
0
 
LVL 4

Author Comment

by:ubat
ID: 41838360
Thanks. Can the setting be scripted? E.g. in AIX 7.1 the command for password length is minlen=8, do a similar command exist in Windows Server 2012?
0
 
LVL 4

Author Comment

by:ubat
ID: 41838362
To be precise minlen = minimum length 8 = 8 characters. Hence what is the command in Windows for 15 characters?
0
 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 167 total points
ID: 41838394
There isn't a single command that will do that for individual computers. Windows usually has two different types of accounts you can work with, Domain accounts and Local accounts. Domain accounts apply to all computers on a Windows Domain while Local accounts apply to specific computers. It's possible to modify the Domain account password policies on a Windows 2012 Domain Controller with Powershell using set-addefaultdomainpasswordpolicy: https://technet.microsoft.com/en-us/library/ee617251.aspx 

But there is, currently, no command included by default in windows that will do the same for a local account. There are scripts that can accomplish the task and downloadable powershell modules that can do it, but nothing straight out of the box can.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 166 total points
ID: 41838451
When we are talking about domain accounts, you cannot use local settings, these are simply not even evaluated by the system.
So you need to set this in the default domain GPO. Settings in there would apply to all accounts, local accounts, too.

If however you want to govern local accounts only (and NOT domain accounts), you could use the local policies and yes, there exist commands to setup password requirements.
0
 
LVL 4

Author Comment

by:ubat
ID: 41838460
>If however you want to govern local accounts only (and NOT domain accounts), you could use the local policies and yes, there exist commands to setup password requirements.

So I guess my question(s) should be,

1. Please define the exact commands (settings?) to be used for setting up a password requirement for "password must be minimum 15 characters". This both for local accounts as well as the domain GPO.

2. Where can I find the documentation for this?
2b In addition to https://technet.microsoft.com/en-us/library/ee617251.aspx should I read/look up something else?
0
 
LVL 53

Expert Comment

by:McKnife
ID: 41838476
You don't use command for that, why should you, GPO is much faster to setup?
0
 
LVL 4

Author Comment

by:ubat
ID: 41838519
What I am trying to do is to write a password "policy" document with real world examples  from different operating systems.
The requirement(s) as stated in words are e.g. Privileged user must have password length of minimum 15 characters.
This can be translated into "pseudocode" e.g. password length >= 15 characters
Which then needs to be translated into the actual way of implementing the requirement in the operating system.
(Finally a way of checking is needed to ensure thtat whatever is supposed to have been installed/implemented/set up/scripted actually IS existing in the configuration. e.g. by using a scanner, Qualys of something else e.g. a script.)

The first step is to determine the "pseudocode" for a requirement
The second step is to determine if the requirement can be implemented in each/a given operating system / version
The third step is to clearly define the "settings" for
Windows Server 2008, 2012 etc
AIX 7.1
Solaris
IBM i
etc

e.g. Password Requirement  = minimum 15 characters
The setting to implement this in,
AIX is minlen=15
Windows Server 2012 is
OpenBSD 9 is
Solaris ver x is
etc

In the end I am going to end up with a spread sheet/a matrix. The aim of which is to clearly define to management as well as to technicians/administrators WHY, WHAT and HOW it should be done.

For windows Server 2012 it seems to be the case that the command/the setting can be Set-ADDefaultDomainPasswordPolicy (and a lot of "switches". Is this correct? Or what am I missing?

Note: I am not (yet) familiar with GPO:s in the Windows world... There is/must be a whole lot else I don't know...
0
 
LVL 53

Expert Comment

by:McKnife
ID: 41838772
ubat, though I see "you have a plan", I think you are not processing it in the correct order.
First, you need some knowledge about AD. You cannot judge comments here, even.
You need to understand
-why the pw policy is special
-why normally, no one would use commands to tune it
-that there are even two styles of password policies, the legacy one and the PSO one (google pso and GPO together) - the PSO can be applied to users, while the GPO can only be applied to each and any user.
-that here, the client OS does not even matter
-that the server OS does matter (because PSOs need a server 2008R2 or higher)
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits y…
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now