With the tools that attackers have available today, simple passwords should be outlawed by every company. Turning on the requirement for complex passwords in your network is pretty simple; the hard part is knowing where to find the setting. We are going to require complex passwords by making a change inside Group Policy. Further on in this book, we are going to do a lot of things inside Group Policy, but the requirement for complex passwords is so common that I felt it to be a general security item rather than something to be lumped alongside other Group Policy tasks. So, we will be using Group Policy in a step-by-step fashion, and combining this recipe with the chapter on Group Policy will give you even more creativity in the way that you could later change the implementation of this password policy.
We need to be working in a domain environment, as Group Policy is something that runs within Active Directory. The change that we are going to make in Group Policy is done from a Domain Controller, and we will utilize a client computer to test our policy once it has been implemented.
The following steps will help you enable complex passwords for your network:
Domains
folder. If you expand your domain name, you will see a Group Policy Object (GPO) in there called the Default Domain Policy. This policy is automatically configured in a new Active Directory environment to apply to all user accounts, so for this recipe, we will modify this GPO to require complex passwords for all of our users.
You can easily create a new GPO and use it instead of modifying the built-in default policy. This will give you better control over who or what gets the settings applied to them. See Chapter 9, Group Policy, for more detail on managing the GPOs themselves. We use the Default Domain Policy in this recipe for the sake of shortening the number of steps you need to take, but it really is recommended never to use the Default Domain Policy to make actual changes in a production environment.
30 days
so that everyone needs to change their password monthly, and I will increase Minimum password length to 8 characters
. I will also enable the complexity requirements setting, which sets a number of different requirements. If you double-click on that setting and browse to the Explain tab, you will see a list of all the items that are now required.
Because we set requirements for password complexity in the Default Domain Policy, that requirement flows across our whole network. A solid password policy is very important in today's networks and just scratches the surface of Group Policy's abilities. These simple setting changes can make the difference in whether or not your company is compromised as a result of a brute force password attack.
3.144.222.149