Solution Guide
70 Store
Editing a New GPO (Windows Server 2008)
In Windows Server 2008, GPOs are managed using the GPMC.
1
To open the GPMC, click
Start
→
Administrative Tools
→
Group Policy
Management
.
2
Navigate to the forest and domain in which the GPO resides, and then click
Group Policy Objects
.
3
Right-click the GPO.
4
Make the necessary changes to the settings and save them.
Active Directory Support for Secure Password Policies
Active Directory supports a variety of authentication policies, including smart
cards, strong password, and account lockout settings.
Passwords and other authentication policies are created using GPOs. See
"Applying Security Policies Using Group Policy Objects" on page 69 for
information on creating and editing a GPO.
Suggested Strong Password Settings
The following values are suggested when configuring password settings:
• Enforce password history - The number of unique passwords that must be
used before a password can be reused. Set to 24.
• Maximum password age - Passwords must be changed every
x
days. Set to
90.
• Minimum password age - The number of days a password must be in effect
before it can be changed. Set to 1 or 2.
• Minimum password length - Set to 8 or 12 characters.
• Password must meet complexity requirements - Set to
Enabled
. The
following policies are applied:
– Passwords must be at least 6 characters in length
– Passwords must include characters from at least three of these four
categories:
• Uppercase characters
• Lowercase characters
• Numerals (0 through 9)