In this practical exercise, you need to prevent users from resetting their account by using the same password. The company should not allow the users to change their password more than once every three days and these passwords need to be complex. A user must use a minimum of 12 passwords before they can reuse the original password. You need to prevent a hacker using more than five attempts at guessing a password:

1. On a Windows 10 desktop, type gpedit.msc or on a domain controller, go to Server Manager | Tools | Group Policy management. Edit the Default Domain Policy.
2. Under Computer Configurations, expand Windows Settings.
3. Select Security Settings.
4. Select Account Policy, then select Password Policy.
5. Select Password History and enter 12 passwords remembered—press OK.
6. Select Minimum Password Age. Enter 3 days—press OK.
7. Select Password must meet complexity requirements—select the radio button Enabled and press OK.
8. Go back to Account Policies and select Account Lockout Policies.
9. Select Account Lockout Threshold and change the value to five invalid logon attempts—press OK.