Hello! User management in Windows Server is a fundamental issue. Mostly for security and privacy issues. Indeed, some users should not access certain aspects of the organization. Likewise, it is convenient to limit the duration of passwords. That is why we will address this topic today. Stay with us to see how to configure password expiration policy local or domain mode in Windows Server 2019/2016.
Reasons to set password expiration policies.
There are several reasons to set up password expiration policies on Windows Server:
- Temporary users.
- Users who are doing study practices in the company.
- Users whose contract expires. Consequently, the administration orders the deactivation of the account in a determined period of time.
- Test users.
- Security controls
Edit password expiration policies with local policies in Windows Server.
The first method we will see is to edit the local directives. With this intention press the Win+R combination and run the following command:
gpedit.msc
Consequently, it follows the following path: Local Computer Policy>Computer Configuration>Windows Settings>Security Settings>Account Policy>Password Policy.
Once there, several configuration parameters are displayed:
- Enforce password history: This parameter allows you to determine how many new passwords are related to a user. Consequently, it avoids assigning a previous password again.
- Maximum password age: Through this option you define the number of days of use of a password. Even before Windows Server requests the change.
- Minimum password age: With this alternative it is possible to define the number of days of duration of the password. Before being modified by the user.
- Minimum password length: It allows you to define the minimum number of characters in the password.
- Minimum password length: It allows you to define the minimum number of characters the password will contain.
- Password must meet complexity requirements: Determines how passwords should be set with complexity parameters. For example, combination of symbols, numbers, capital letters, etc.
- Storage passwords using reversible encryption: This configuration is related to certain applications. In fact, these are protocols that require knowledge of the user’s password for authentication purposes.
Edit password expiration policies with domain policies in Windows Server.
With this in mind, it is necessary to login to the server manager. Once there, please go to the Tools menu. Then click on Group Policy Management.
The following menu will be displayed immediately.
Please display the forest, and then the domain. Once there, right click on Default Domain Policy.
This window will then be displayed.
Please follow the path below: Default Domain Policy>Computer Configuration>Policies>Windows Settings>Security Settings>Account Policies>Password Policies. As you can see, there are the same options as in the local directives. However, the most important difference is the scope of application. That is, by making changes locally, you can’t modify the domain’s directives. On the contrary, from a computer in a domain it is possible to modify the policies. With this intention, double-click on Maximum Password age.
You can see that for security reasons it is set at 42 days. On the contrary, if you set it to 0 then the password will never expire.
In this way we have seen how to configure password expiration policy local or domain mode in Windows Server 2019/2016. This way you increase the security of the system. All right, that’s it for now. Please keep an eye out for updates on Windows Server. Bye!