Windows Server 2016 Security, Certificates, and Remote Access Cookbook

You're reading from Windows Server 2016 Security, Certificates, and Remote Access Cookbook: Recipe-based guide for security, networking and PKI in Windows Server 2016

Product type: Paperback
Published in: Apr 2018
ISBN-13: 9781789137675
Length: 138 pages
Edition: 1st Edition
Author: Jordan Krause

Table of Contents (4 chapters)

  1. Security and Networking
  2. Working with Certificates
  3. Remote Access
  4. Other Books You May Enjoy

Requiring complex passwords in your network

With the tools that attackers have available today, simple passwords should be outlawed by every company. Turning on the requirement for complex passwords in your network is pretty simple; the hard part is knowing where to find the setting. We are going to require complex passwords by making a change inside Group Policy. We will walk through Group Policy step by step. Combining this recipe with the chapter on Group Policy in the book Windows Server 2016 Administration Cookbook, published by Packt, will give you more flexibility in how you later change the implementation of this password policy.

Getting ready

We need to be working in a domain environment, as Group Policy is something that runs within Active Directory. The change that we are going to make in Group Policy is done from a domain controller, and we will utilize a client computer to test our policy once it has been implemented.

How to do it...

The following steps will help you enable complex passwords for your network:

  1. On your domain controller, launch Group Policy Management from inside the Tools menu in Server Manager.
  2. Expand your forest name and find the name of your domain inside the Domains folder. If you expand your domain name, you will see a Group Policy Object (GPO) in there called the Default Domain Policy. This policy is automatically configured in a new Active Directory environment to apply to all user accounts, so for this recipe, we will modify this GPO to require complex passwords for all of our users.
  3. Right-click on Default Domain Policy and click Edit...

You can easily create a new GPO and use it instead of modifying the built-in default policy. This will give you better control over who or what gets the settings applied to them. See the chapter Group Policy from the book, Windows Server 2016 Administration Cookbook, for more detail on managing the GPOs themselves. We use the Default Domain Policy in this recipe for the sake of shortening the number of steps you need to take, but it really is recommended never to use the Default Domain Policy to make actual changes in a production environment.

  4. Browse to the following location by navigating to Computer Configuration | Policies | Windows Settings | Security Settings | Account Policies | Password Policy.
  5. Here are the configurable options that you can set for password requirements in your network. I am going to set Maximum password age to 30 days so that everyone needs to change their password monthly, and I will increase Minimum password length to 8 characters. I will also enable the complexity requirements setting, which sets a number of different requirements. If you double-click on that setting and browse to the Explain tab, you will see a list of all the items that are now required.
  6. Now try logging into a computer with a domain user account. You will discover that the password no longer meets the criteria and has to be changed accordingly.

How it works...

Because we set requirements for password complexity in the Default Domain Policy, that requirement flows across our whole network. A solid password policy is very important in today's networks, and it only scratches the surface of Group Policy's abilities. These simple setting changes can make the difference in whether or not your company is compromised as a result of a brute-force password attack.
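
To check from PowerShell that the values from this recipe are in effect, here is an added example that is not part of the book. The hypothetical helper Test-RecipePasswordPolicy compares a policy object shaped like the output of Get-ADDefaultDomainPasswordPolicy (ActiveDirectory module) against the recipe's settings; the sample policy is constructed so the block runs without a domain.

```powershell
# Added example: audit a password policy against this recipe's values.
function Test-RecipePasswordPolicy {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Object shaped like the output of Get-ADDefaultDomainPasswordPolicy
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Policy,
        [int]$MaxAgeDays = 30,   # recipe: Maximum password age
        [int]$MinLength  = 8     # recipe: Minimum password length
    )
    process {
        $findings = @()
        if (-not $Policy.ComplexityEnabled) {
            $findings += 'Complexity requirements are not enabled'
        }
        if ($Policy.MinPasswordLength -lt $MinLength) {
            $findings += "Minimum length is $($Policy.MinPasswordLength), expected at least $MinLength"
        }
        # MaxPasswordAge is a TimeSpan. Zero is treated as "never expires",
        # matching the GPO setting, where 0 days disables expiry.
        $days = $Policy.MaxPasswordAge.TotalDays
        if ($days -le 0) {
            $findings += 'Passwords never expire'
        } elseif ($days -gt $MaxAgeDays) {
            $findings += "Maximum age is $days days, expected at most $MaxAgeDays"
        }
        [pscustomobject]@{
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings
        }
    }
}

# Constructed sample: the values a new domain typically starts with
# (42-day maximum age, 7-character minimum), before the recipe's changes.
$sample = [pscustomobject]@{
    ComplexityEnabled = $true
    MinPasswordLength = 7
    MaxPasswordAge    = New-TimeSpan -Days 42
}
$result = $sample | Test-RecipePasswordPolicy
$result.Findings    # one line per setting that misses the recipe's values

# On a domain-joined machine with the ActiveDirectory module:
#   Get-ADDefaultDomainPasswordPolicy | Test-RecipePasswordPolicy
```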
