How to Change Password Policy in Windows Server 2016 Domain Controller?

You can change the password policy for your Windows Server 2016 domain controller through the Group Policy Management Console (GPMC).

Steps to Change Password Policy:

1. Open GPMC:

   • Press Windows Key + R to open the Run dialog box.
   • Type gpmc.msc and press Enter.

2. Navigate to Password Policy:

   • Expand Forest: your domain name
   • Expand Domains: your domain name
   • Expand Group Policy Objects
   • Locate the Default Domain Policy or the specific policy you wish to modify.

3. Edit Password Policy:

   • Right-click on the desired policy and select Edit.
   • Go to Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy.

4. Configure Password Settings:

   • Minimum password length: Set the minimum number of characters required for a password.
   • Password must meet complexity requirements: Enable this option to enforce complexity rules like using uppercase letters, lowercase letters, numbers, and symbols.
   • Enforce password history: Set the number of previous passwords that cannot be reused.
   • Maximum password age: Specify the maximum time a password can be used before it expires.
   • Minimum password age: Define the minimum time a password must be in use before it can be changed.

5. Apply Changes:

   • Click OK on all open windows to save the changes.

Note: These changes will apply to all users and computers in the domain.

Additional Tips:

• Use strong passwords: Encourage users to use strong passwords that are at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols.
• Regularly review password policy: It is good practice to review and update password policy regularly to ensure it remains secure and effective.
• Enable password lockout: This feature prevents brute-force attacks by locking out accounts after a specific number of failed login attempts.

Examples:

• To set a minimum password length of 12 characters, navigate to Minimum password length and enter 12.
• To enforce password complexity requirements, enable the Password must meet complexity requirements option.

By following these steps, you can effectively change the password policy in your Windows Server 2016 domain controller, enhancing the security of your network.