Ask the Expert

Managing a password policy

I am using a Windows Server 2003 system. I have set up a test network, which is a copy of the live network. I have changed the default password policy to:

Enforce password history is three passwords, maximum age (these are temporary settings) will be 62 days, minimum age, two days
Minimum length, eight characters
Password complex enabled

The password policy is not working as I have added some passwords and have had a seven-character password. How can I solidify and enforce these password settings?

Have you restarted the server? If you can't, try running gpupdate at a command prompt to refresh the policy. There could be a policy conflict on the server that's overriding the policy you set. Set the policy for the domain (or group) and if that doesn't do it, try setting a local policy, which will apply to the server itself. And then see what happens.

More on password management

  • Password cracking and hardening
    Learn the abc's of password cracking and password hardening with this advice from Jonathan Hassell and Kevin Beaver.

  • Password security FAQs
    Check out this collection of recent password security questions for advice on cracking through a locked hard drive and what to do if you forget your password.

  • Password Hardening Journal
    One oft-forgotten element of a secure organization is password security. Check out our Windows security journal to find out how to secure your organization at this level.

This was first published in April 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: