
Discussion

If your users change their passwords frequently, it helps to reduce the risk that a valid password might
be cracked, and it mitigates the risk that someone may use a password that has been wrongfully
acquired. Maximum password age can be configured so that users are never required to change their
passwords, but this results in a major security risk.

Many cautious administrators choose to set Maximum password age to a value between 30 and 60
days. You can set Maximum password age to never expire by setting the number of days to 0.

Setting Maximum password age very low requires users to change their passwords too often. This
might actually reduce security in the organization, because it can increase the possibility that users
will write their passwords down to avoid forgetting them. If you set the value very high, it reduces the
level of security within an organization, because it gives a potential attacker more time to guess a user's
password.

Location

GPO_name\Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\

Default Values

Server Type or GPO       Default Value
Default Domain Policy    42 days

Password Policy

In Windows and many other operating systems, the most common method for authenticating a user's
identity is to use a secret passphrase or password. Securing your network environment requires that
strong passwords be used by all users. This helps avoid the threat of a malicious user guessing a weak
password, whether through manual methods or by using tools, to acquire the credentials of a
compromised user account. This is especially true for administrative accounts. When you change a
complex password regularly, it reduces the likelihood of a successful password attack.

Password policy settings control the complexity and lifetime of passwords. Each specific password policy
account setting is discussed in this section. Password Policy settings can be configured in the following
location in Group Policy Object Editor:

Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\

Enforce password history

The Enforce password history policy setting determines the number of unique new passwords that
must be associated with a user account before an old password can be reused.

The possible values for this Group Policy setting are:

A user-defined number from 0 through 24.

Not defined.
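
As an added example (not part of the original document), the Python sketch below checks the two settings described above in an exported security template. It assumes the template was produced with `secedit /export /cfg` and uses the `[System Access]` keys `MaximumPasswordAge` and `PasswordHistorySize`; the sample text is constructed, and the 30 to 60 day window is the range the text says cautious administrators choose.

```python
import configparser

# Constructed sample in the layout of a `secedit /export /cfg` security template.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 0
PasswordHistorySize = 30
[Version]
signature="$CHICAGO$"
"""

def audit_password_policy(inf_text, low=30, high=60):
    """Return (setting, verdict) pairs for the two settings discussed above."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written in the template
    cp.read_string(inf_text)
    access = dict(cp["System Access"]) if cp.has_section("System Access") else {}
    findings = []

    raw_age = access.get("MaximumPasswordAge")
    if raw_age is None:
        findings.append(("MaximumPasswordAge", "not defined"))
    else:
        age = int(raw_age)
        # The text defines 0 as "never expire"; treating negative values the
        # same way is an assumption made for this example.
        if age <= 0:
            findings.append(("MaximumPasswordAge", "never expires"))
        elif age < low:
            findings.append(("MaximumPasswordAge", "too low"))
        elif age > high:
            findings.append(("MaximumPasswordAge", "too high"))
        else:
            findings.append(("MaximumPasswordAge", "ok"))

    raw_hist = access.get("PasswordHistorySize")
    if raw_hist is None:
        findings.append(("PasswordHistorySize", "not defined"))
    elif 0 <= int(raw_hist) <= 24:  # value range stated in the text
        findings.append(("PasswordHistorySize", "ok"))
    else:
        findings.append(("PasswordHistorySize", "out of range 0-24"))
    return findings

if __name__ == "__main__":
    for setting, verdict in audit_password_policy(SAMPLE_INF):
        print(f"{setting}: {verdict}")
```
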

Definition - What does Vulnerability mean?

Vulnerability is a cyber-security term that refers to a flaw in a system that can leave it open to attack. A
vulnerability may also refer to any type of weakness in a computer system itself, in a set of procedures,
or in anything that leaves information security exposed to a threat.
