Question

Handling user accounts in Windows Server 2012

Answer 1

Domain Passwords Policies

A domain password policy is simply to indicate from our server that all domain user accounts must have a password that must have a minimum number of characters, you must tell the user that this will expire every so often so you must generate a new one and if the incorrect password is entered more than a number of times in a certain period then it must proceed to block that account, either temporarily or permanently until the system administrator unlocks it.

To set the password rules we must edit the properties of the same in the GPO (Group Policy Object) that is at the domain level, it is important to emphasize that it must be at the domain level so that we can activate special features and thus to be able to establish the rules of the passwords.

Within the GPO we can only have one type of policy for the generation of passwords and we must also bear in mind that the rules that we establish in the GPO at the domain level are going to be taken into account above the rules of the other GPO within our network.

Passwords policies are located in the GPO node in the Computer Configuration \ Policies \ Windows Settings \ Security Settings \ Account Policies route.

Elements that make up the Passwords Policies

• . Passwords History: This element allows us to store the passwords used by the user up to a maximum of 24, which would lead to avoiding the use of the same keys and with this we will increase the security of our Domain .

• Maximum duration of the Password: This element indicates how much is the maximum time a user can use the same password before being changed, the default time is 42 days but it can be extended up to 999 days. It is important to mention that placing the value in 0 cancels this property.

• Minimum duration of the Password: This prevents the user from restarting the history countdown in order to return to their original password, indicating a time before they can change the password once created, usually this value is 1 day.

• Minimum length of Passwords: This property allows us to indicate the minimum number of characters in order to avoid very short phrases that can be intercepted, the maximum number of characters that can have a password initially is 128 characters and the minimum recommended value is 6 characters.

• Complexity of the Password: This element when activated allows us to indicate that the password must have a mixture of numbers, symbols, and uppercase and lowercase letters, as well as, prevents the user from using his username .

As we saw in this tutorial, there are several tools that allow us to make the user use more secure keys for our environment and thus protect not only the integrity of the user's data but also the organization in which it is located.

---