Hello, how are you doing? In this opportunity, we will talk about password policies on Windows Server 2019. Once we have managed users through Active Directory, we need to set the valid date of the passwords. Indeed, sometimes we need to restrict access to certain users due to the security policies of the organization.
Please keep in mind that when working with servers, security is a fundamental aspect. For this reason, there are several reasons for modifying the duration of passwords. For this reason, there are several reasons for modifying the duration of passwords. According to the type of use, it is convenient to establish passwords with security time. For example, to temporary users, test users or those who are practicing in the company.
Now, we have two options for modifying password expiration policies on Windows Server 2019. Group Policy: Apply for when the computer is included in a corporate domain with Windows Server Domain Controller. Local Security Policy: Applies when our group is not in a domain, but is in a workgroup or is managed locally. Here’s how to change a password or change the expiration date of a password within Windows Server 2019 step by step.
Changing password expiration through Local Security Policy on Windows Server 2019
Below we will detail the process for entering the password policy configuration.
Step 1. Open Local Group Policy Editor
First, we need to enter Group Policy Management by clicking Windows+R and typing gpedit.msc
Once there, we must follow the next route: Local Computer Policy>Computer Configuration>Windows Settings>Security Settings>Password Policy
Step 2. Editing password policies
The editor allows you to configure different aspects of the password:
Enforce password history. This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. The value must be between 0 and 24 passwords.
Maximum password age. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0.
Minimum password age. This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0.
Minimum password length. This security setting determines the least number of characters that a password for a user account may contain. It can set a value of between 1 and 20 characters, or you can establish that no password is required by setting the number of characters to 0.
Password must meet complexity requirements. This security setting determines whether passwords must meet complexity requirements.
Password Requirements
If it enabled, the password must meet the following minimum requirements:
Not contain the user’s account name or parts of the user’s full name that exceed two consecutive characters
Be at least six characters in length
Contain characters from three of the following four categories:
English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphabetic characters (for example, !, $, #, %)
Store passwords using reversible encryption. This security setting determines whether the operating system stores passwords using reversible encryption. This policy provides support for applications that use protocols that require knowledge of the user’s password for authentication purposes.
Changing password expiration through Local Active Directory on Windows Server 2019
To access the domain password policy editor, we need to open the Server Manager. Next, click on the Active Directory Administrative Center tool.
In the next window, select the forest and then follow the following path: Domains>nameofdomain>Default Domain Policy. Where nameofdomain is the name of our domain, in my case telematic.local. Next, double click on Default Domain Policy to edit the values.
Once the window opens, follow this path: Default Domain Policy>Compuer Configuration>Policies>Windows Settings>Security Settings>Password policy
As we see we have the same options as in the local directives, the only difference is that if we open the local policies with our computer in a domain we cannot make any change in the directives. On the other hand, from a computer in a domain using this option if we will be able to make adjustments in the policies.
Changing or unlocking administrator password on Windows Server 2019
Sometimes it happens that we want to change the administrator password, or the account has been blocked. Sometimes it happens that we want to change the administrator password, or the account has been blocked. To do this, we must enter the Server Manager and select Active Directory Administrative Center.
Once there, all you have to do is select Reset Password, and enter the new password or unblock the account if it is locked.
As has been noted, the process for changing password policies is not that complicated. However, we must be careful when modifying these values, as it will affect the entry of users. In conclusion, Windows Server 2019 is a very friendly system and has wizards that facilitate the changes desired by the server administrator.
Well, this is all for now, before saying goodbye I would like to invite you to review our tutorial on installing Apache on Windows Server 2019.
