AndreaVironda-1776 asked DaisyZhou-MSFT commented

Password change

Hi,
On my Microsoft Windows Server 2019 Standard 64-bit v1809 (Build 17763) server I created several users, and now I'm being asked to change the password. I have several questions:
- We're only a few people; is it necessary to change them? What's the best practice?
- How long does a password last? It seems it's now 1 month, but that's too short.



windows-server

Hello @AndreaVironda-1776,
How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.

Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.


1 Answer

DaisyZhou-MSFT answered DaisyZhou-MSFT commented

Hello @AndreaVironda-1776,

Thank you for posting here.

Here are the answers for your reference.

  • We're only a few people; is it necessary to change them? What's the best practice?
    A1: If these passwords meet best practice or are strong passwords (which have at least eight characters and include a combination of letters, numbers, and symbols), we can keep them.

Here is the best practice for password policy.

Enforce password history: Set Enforce password history to 24.

Maximum password age: Set Maximum password age to a value between 30 and 90 days, depending on your environment.

Minimum password age: Windows security baselines recommend setting Minimum password age to one day.

Minimum password length: Set Minimum password length to at least a value of 8.

Password must meet complexity requirements: Set Passwords must meet complexity requirements to Enabled.

Store passwords using reversible encryption: Set the value for Store password using reversible encryption to Disabled.


  • How long does a password last? It seems it's now 1 month, but that's too short.
    A2: See A1, or I suggest we can set it to 3 to 6 months (maybe one year, depending on your environment).

Reference
Password Policy
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-policy


Hope the information above is helpful.

Should you have any question or concern, please feel free to let us know.


Best Regards,
Daisy Zhou
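
The settings listed in this answer can be checked against a `secedit` export of the server's local security policy. The following is an added example, not part of the original thread: the function name `Test-PasswordPolicy` is hypothetical, the sample export is constructed, and the thresholds are the values from the answer.

```powershell
# Thresholds are the values given in the answer above.
# A secedit export stores Enabled/Disabled as 1/0.
$baseline = [ordered]@{
    PasswordHistorySize   = { param($v) $v -ge 24 }
    MaximumPasswordAge    = { param($v) $v -ge 30 -and $v -le 90 }  # -1 (never expires) fails
    MinimumPasswordAge    = { param($v) $v -ge 1 }
    MinimumPasswordLength = { param($v) $v -ge 8 }
    PasswordComplexity    = { param($v) $v -eq 1 }  # complexity Enabled
    ClearTextPassword     = { param($v) $v -eq 0 }  # reversible encryption Disabled
}

# Hypothetical helper: reads the [System Access] section of a secedit export
# and reports each baseline setting as OK, FAIL or MISSING.
function Test-PasswordPolicy {
    param([string[]]$InfLines)
    $inSection = $false
    $found = @{}
    foreach ($line in $InfLines) {
        if ($line -match '^\s*\[(.+)\]\s*$') {
            $inSection = ($Matches[1] -eq 'System Access')
        } elseif ($inSection -and $line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
            $found[$Matches[1]] = [int]$Matches[2]
        }
    }
    foreach ($key in $baseline.Keys) {
        $check = $baseline[$key]; $value = $found[$key]
        if (-not $found.ContainsKey($key)) { $result = 'MISSING' }
        elseif (& $check $value) { $result = 'OK' }
        else { $result = 'FAIL' }
        [pscustomobject]@{ Setting = $key; Value = $value; Result = $result }
    }
}

# Constructed sample export. For a live check from an elevated prompt:
#   secedit /export /cfg "$env:TEMP\pol.inf" /areas SECURITYPOLICY
#   Test-PasswordPolicy -InfLines (Get-Content "$env:TEMP\pol.inf")
$sample = @'
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 30
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 0
ClearTextPassword = 0
[Event Audit]
AuditSystemEvents = 0
'@ -split "`r?`n"
Test-PasswordPolicy -InfLines $sample | Format-Table -AutoSize
```

On a workgroup server there is no domain policy to override these values, so the export reflects what is set locally.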



I use a workgroup, not a domain.
Is it possible to configure policies using secpol.msc on the main server? Is it the right procedure?
[Screenshot: 95146-screenshot-2021-05-10-115115.jpg]



Hello @AndreaVironda-1776,

I am so glad to receive your reply.

Do you mean you want to configure policies using secpol.msc on the main server and then export the configured policies to other servers?


Should you have any question or concern, please feel free to let us know.


Best Regards,
Daisy Zhou



I was simply asking if this is the correct window to set the policies you suggested to me.
