![]() Note #2: As of the publication of this benchmark, Microsoft currently has a maximum limit of 24 saved passwords. However, custom exceptions to the default password policy and account lockout policy rules for specific domain users and/or groups can be defined using Password Settings Objects (PSOs), which are completely separate from Group Policy and most easily configured using Active Directory Administrative Center. If these settings are configured in another GPO, they will only affect local user accounts on the computers that receive the GPO. Note: Password Policy settings (section 1.1) and Account Lockout Policy settings (section 1.2) must be applied via the Default Domain Policy GPO in order to be globally in effect on domain user accounts as their default behavior. The recommended state for this setting is: 24 or more password(s). To maintain the effectiveness of this policy setting, use the Minimum password age setting to prevent users from repeatedly changing their password. The default value for Windows Vista is 0 passwords, but the default setting in a domain is 24 passwords. The value for this policy setting must be between 0 and 24 passwords. Information This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |