最後更新: 2020-06-19

目錄

• Standalone Server Password Policy
• Domain Controller Password Policy

Standalone Server Password Policy

gpedit.msc

"Computer Configuration" -> "Windows Settings" -> "Security Settings" ->

"Account Policies" -> "Password Policy"

• Password must meet complexity requirements (Default: Enable)
• Maximum password age (Default: 42)(never expire by setting the number of days to 0.)
• Enforce Password History (Default: Standalone: 0, DC: 42)

Domain Controller / Server Password Policy

S2016 / S2012 / S2008

DC 要在 "Group Policy Management" 改 Password Policy

展開 Forest -> 展開 Domains -> Select YOUR_DOMAIN -> Right Click "Default Domain Policy" Select "Edit"

Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy

• Enforce password history ( "0" = 可用舊 password )
• Maximum password age ("0" = password 不會過期 )
• Minimum password age ("0" = 可隨時改 password )
• Minimum password length
• complexity requirements
• Password must meet complexity requirements

修改後: cmd -> gpupdate