1
00:00:06,450 --> 00:00:14,070
Account policies in edit is defined the default settings for security related attributes that are assigned

2
00:00:14,070 --> 00:00:15,570
to user objects.

3
00:00:15,660 --> 00:00:23,690
In aid it is account policies classify into three different groups of Saddam's password policy account

4
00:00:23,700 --> 00:00:26,820
look out and Canberra's policy.

5
00:00:26,820 --> 00:00:33,230
You can configure a password policy and account lock out settings in the local policies certainly for

6
00:00:33,230 --> 00:00:34,380
an individual.

7
00:00:34,380 --> 00:00:44,280
Windows Server 2016 server or you can configure all three groups of settings for the entire domain by

8
00:00:44,280 --> 00:00:51,870
using the group policy management console in edit is one local policies set and sound group policies

9
00:00:51,870 --> 00:01:01,140
sentence conflict group policies sentence override over local policies sadness in group policy and management

10
00:01:01,170 --> 00:01:02,510
within 80 days.

11
00:01:02,520 --> 00:01:12,900
Most policy settings can apply at different levels within the ADF structure domain site or all you however

12
00:01:13,110 --> 00:01:18,450
account policies for domain accounts can apply only at one level.

13
00:01:18,480 --> 00:01:27,570
In aid it is to the entire domain therefore only one set of account policy settings can apply to an

14
00:01:27,690 --> 00:01:29,240
ADT as domain.

15
00:01:29,280 --> 00:01:35,960
The password policy is one of the most important policies when securing your ADT yes.

16
00:01:35,970 --> 00:01:44,310
User accounts use the password policy to configure the properties of the passwords that users might

17
00:01:44,310 --> 00:01:45,170
choose.

18
00:01:45,210 --> 00:01:53,190
You use these settings to ensure that users can not use simple passwords which provide insufficient

19
00:01:53,220 --> 00:01:56,390
potential against password attacks.

20
00:01:56,460 --> 00:02:03,240
You define the password policy by using the following sentence Litchfield said in his enforce password

21
00:02:03,270 --> 00:02:04,280
history.

22
00:02:04,290 --> 00:02:12,540
This is the number of unique new passwords that must be associated with a user account before an old

23
00:02:12,540 --> 00:02:14,560
password can be reused.

24
00:02:14,580 --> 00:02:18,470
The default setting is twenty four previous passwords.

25
00:02:18,510 --> 00:02:22,120
When do you use the sentence with a minimum password.

26
00:02:22,140 --> 00:02:30,050
Age certain the enforced password histories certain prevents constant reuse of the same password.

27
00:02:30,180 --> 00:02:33,820
The next set in is maximum password age.

28
00:02:33,900 --> 00:02:41,660
This is the number of days that a user can utilize their password before they must change it regularly.

29
00:02:41,660 --> 00:02:46,440
Changing passwords helps prevent the compromise of passwords.

30
00:02:46,440 --> 00:02:55,020
However you must balance this security consideration against the logistical considerations that result

31
00:02:55,020 --> 00:03:03,720
from requiring users to change passwords too often the default setting of four to two days is appropriate

32
00:03:03,720 --> 00:03:05,670
for most organizations.

33
00:03:05,700 --> 00:03:09,030
The next setting is minimum password age.

34
00:03:09,030 --> 00:03:15,240
This is the number of days that a password must be used before the user can change it.

35
00:03:15,240 --> 00:03:19,150
The default well here is one day which is appropriate.

36
00:03:19,170 --> 00:03:27,410
If you also enforced password history you can restrict the constant use of the same password.

37
00:03:27,480 --> 00:03:32,540
If you use this certain with enforced password keys to reset it.

38
00:03:32,610 --> 00:03:35,720
Next stop is minimum password lands.

39
00:03:35,730 --> 00:03:43,760
This is the minimum number of characters that a user password must contain the default wealthiest 7.

40
00:03:43,890 --> 00:03:50,850
This default is a widely used minimum but you should consider increasing their password length to at

41
00:03:50,850 --> 00:03:54,920
least 10 characters to enhance security.

42
00:03:54,960 --> 00:03:58,600
The next set in is complexity requirements.

43
00:03:58,620 --> 00:04:06,540
Windows Server includes a default password filter that is enabled by default and you should not disable

44
00:04:06,540 --> 00:04:06,950
it.

45
00:04:07,020 --> 00:04:13,860
The filter requires that a password have the following characters does not contain your name or your

46
00:04:14,250 --> 00:04:22,710
username contains at least 6 characters and contains characters from three of the following four groups

47
00:04:23,040 --> 00:04:33,210
uppercase letters lowercase numerals and special non alphanumeric characters such as exclamation mark

48
00:04:33,210 --> 00:04:36,210
at sine hash and so on.

49
00:04:36,210 --> 00:04:40,080
Next up we'll be talking about account lock out policies.