Setting Up Password Policies in Active Directory: A Guide by Critical Path Security
Establishing a Strong Password Policy

Protecting your network starts with a robust password policy. With Microsoft Active Directory, you can use Group Policy to dictate password criteria such as complexity, duration, and size.

Locate the default domain password policy at: Group Policy object (GPO) -> Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy.

Since Windows Server 2008, you can implement detailed policies for specific organizational units through Active Directory Administrative Center (DSAC) or PowerShell.

NIST's Password Recommendations

The National Institute of Standards and Technology (NIST) provides Digital Identity Guidelines, which emphasize:

Password Complexity and Length: Contrary to forcing numerous symbols, NIST suggests promoting lengthy passwords or passphrases, ideally up to 64 characters.

Password Duration: Instead of regular password changes, NIST now advises changing passwords only if a security threat is perceived.

Avoid Easily Guessable Passwords: Steer clear of simple patterns, default passwords,…
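As an added example that is not part of the Critical Path Security article, the following PowerShell (ActiveDirectory RSAT module) reads the default domain password policy located above, reports settings that conflict with the NIST guidance summarised in the second section, and shows how a fine-grained password policy is created with PowerShell. Fine-grained policies are applied to users and global security groups rather than directly to an OU, so the example scopes its policy to a group. The threshold values, the policy name and the group name are assumptions chosen for the example; the creation step runs with -WhatIf by default so nothing in the directory is changed.

```powershell
# Added example: audit the default domain password policy against the
# NIST-style guidance from the article and show a fine-grained policy (PSO).
# Requires the ActiveDirectory module and read rights on the domain.
Import-Module ActiveDirectory

# Thresholds for the checks. These are assumptions for this example,
# not values taken from the article or from NIST.
$MinLengthFloor = 14          # assumed minimum length the organisation enforces
$DryRun         = $true       # $true => PSO creation is only simulated

function Test-DomainPasswordPolicy {
    param(
        [Parameter(Mandatory)] $Policy   # object from Get-ADDefaultDomainPasswordPolicy
    )
    $findings = @()

    # NIST favours length over forced character classes; flag a short minimum.
    if ($Policy.MinPasswordLength -lt $MinLengthFloor) {
        $findings += "MinPasswordLength is $($Policy.MinPasswordLength); expected at least $MinLengthFloor"
    }

    # NIST advises against periodic expiry. The cmdlet reports a zero TimeSpan
    # when passwords are set to never expire; anything else forces rotation.
    if ($Policy.MaxPasswordAge -ne [TimeSpan]::Zero) {
        $findings += "MaxPasswordAge is $($Policy.MaxPasswordAge.Days) days; NIST recommends changing passwords only on suspected compromise"
    }

    # Reversible encryption stores passwords in a recoverable form.
    if ($Policy.ReversibleEncryptionEnabled) {
        $findings += "ReversibleEncryptionEnabled is true; it should be disabled"
    }

    # A threshold of 0 never locks accounts, leaving them exposed to online guessing.
    if ($Policy.LockoutThreshold -eq 0) {
        $findings += "LockoutThreshold is 0 (never locks); set a non-zero threshold"
    }

    return $findings
}

function New-PrivilegedPasswordPolicy {
    param(
        [string] $Name  = 'PSO-PrivilegedAccounts',   # assumed policy name
        [string] $Group = 'Tier0-Admins',             # assumed/placeholder global security group
        [bool]   $WhatIf = $true
    )
    # PSOs attach to users or global security groups, not to OUs directly.
    $existing = Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$Name'"
    if ($existing) {
        Write-Output "PSO '$Name' already exists; not recreating"
        return
    }

    # Length-based policy without forced complexity, in line with the NIST section.
    # MaxPasswordAge is deliberately left at the cmdlet default here; set it to
    # match your expiry stance once the value is agreed.
    New-ADFineGrainedPasswordPolicy -Name $Name -Precedence 10 `
        -MinPasswordLength 20 -ComplexityEnabled $false `
        -MinPasswordAge ([TimeSpan]::FromDays(1)) -PasswordHistoryCount 24 `
        -ReversibleEncryptionEnabled $false `
        -LockoutThreshold 5 -LockoutDuration ([TimeSpan]::FromMinutes(15)) `
        -LockoutObservationWindow ([TimeSpan]::FromMinutes(15)) `
        -WhatIf:$WhatIf

    # The subject can only be added once the PSO actually exists.
    if (-not $WhatIf) {
        Add-ADFineGrainedPasswordPolicySubject -Identity $Name -Subjects $Group
    }
}

# Audit the domain-wide policy and print each deviation.
$policy   = Get-ADDefaultDomainPasswordPolicy
$findings = Test-DomainPasswordPolicy -Policy $policy
if (-not $findings) {
    Write-Output "Default domain password policy ($($policy.DistinguishedName)) passes all checks"
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}

# Simulate creating a stricter policy for a privileged group.
New-PrivilegedPasswordPolicy -WhatIf $DryRun
```

Run it from a domain-joined administration host with the RSAT AD tools installed; set $DryRun to $false only after reviewing the -WhatIf output. Existing fine-grained policies can be listed with Get-ADFineGrainedPasswordPolicy -Filter * to confirm which precedence wins for a given group.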