

Understanding Password Policy Setting in Active Directory

To ensure password policies are correctly implemented, the sysadmin must first understand the available password policy settings. In Active Directory, there are six available policies.

Enforce password history – with an eye to preventing password reuse, this policy determines how many previous passwords are stored in Active Directory and thus prevented from being set as a password in future.

Maximum password age – sets the maximum length of time a user may go between password resets.

Minimum password length – while the minimum recommended password length is 8 characters, it may also be set at 0. If set at 0, no password will be required.

Minimum password age – prevents users from resetting their password too frequently, perhaps in an attempt to cycle back to an easily remembered password used before.

Password must meet complexity requirements – if the policy is enabled, a user cannot use the account name in a password, and 3 types of symbols must be used in the password. Those symbols include: numbers (0–9), uppercase letters, lowercase letters and special characters ($, #, %, etc.).

Store passwords using reversible encryption – user passwords are stored encrypted in the AD database, but in some cases you have to grant certain apps access to user passwords. If this policy setting is enabled, passwords are less protected (almost plain text).

Note: We sometimes find administrators attempting to set multiple password policies in AD by creating additional GPOs with Password Policy settings and applying them to user OUs. This does not work in Active Directory: GPOs with Active Directory Password Policy settings linked anywhere but the root of the domain have no effect whatsoever on user password requirements. The reasoning makes sense in some way – Password Policy settings appear under the ‘computer settings’ scope and thus have no bearing on user objects. Still, it is at best a counterintuitive design by Microsoft. Specops Password Policy, on the other hand, uses user-based GPO settings and directly applies password policy setting objects to the user objects where it is applied, making for a much more intuitive administrative experience.
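
The six settings can be checked against the domain-level policy, which is the one that actually applies to users. The following is an added example, not part of the original article: the function name `Test-DomainPasswordPolicy` and the sample values are hypothetical, and the input is assumed to have the property names returned by `Get-ADDefaultDomainPasswordPolicy`.

```powershell
# Added example: flag weak values among the six domain password policy settings.
# Function name and sample values are constructed for illustration.
function Test-DomainPasswordPolicy {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Policy   # object shaped like Get-ADDefaultDomainPasswordPolicy output
    )
    process {
        $findings = [System.Collections.Generic.List[string]]::new()

        if ($Policy.PasswordHistoryCount -eq 0) {
            $findings.Add('Enforce password history is 0: previous passwords can be reused.')
        }
        if ($Policy.MinPasswordAge -eq [TimeSpan]::Zero) {
            $findings.Add('Minimum password age is 0: users can cycle straight back to an old password.')
        }
        if ($Policy.MinPasswordLength -eq 0) {
            $findings.Add('Minimum password length is 0: no password is required.')
        } elseif ($Policy.MinPasswordLength -lt 8) {
            $findings.Add("Minimum password length is $($Policy.MinPasswordLength): below the recommended 8.")
        }
        if (-not $Policy.ComplexityEnabled) {
            $findings.Add('Complexity requirements are disabled.')
        }
        if ($Policy.ReversibleEncryptionEnabled) {
            $findings.Add('Reversible encryption is enabled: stored passwords are close to plain text.')
        }

        [pscustomobject]@{
            MaxPasswordAgeDays = $Policy.MaxPasswordAge.TotalDays
            Findings           = $findings
            Compliant          = ($findings.Count -eq 0)
        }
    }
}

# Constructed sample so the block runs without a domain controller.
$sample = [pscustomobject]@{
    PasswordHistoryCount        = 0
    MaxPasswordAge              = [TimeSpan]::FromDays(42)
    MinPasswordAge              = [TimeSpan]::Zero
    MinPasswordLength           = 6
    ComplexityEnabled           = $true
    ReversibleEncryptionEnabled = $true
}
$sample | Test-DomainPasswordPolicy | Format-List

# On a domain-joined host with the ActiveDirectory module:
# Get-ADDefaultDomainPasswordPolicy | Test-DomainPasswordPolicy | Format-List
```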
