Saturday, 2 April 2011

Changing Password setting in AD using Group Policy

Problem: On my development machines I often don't want to have to change my password every 42 days or adhere to the default group policy settings for passwords when using AD. I have multiple VMs on multiple domains and changing passwords is a hassle.

Initial Hypothesis: Passwords are normally lost in one of three ways:
1) data breach
2) social engineering or phishing
3) malware
The following group policy changes help open up a machine in a dev environment but are obviously bad practice:
Change the group policy so that passwords do not have to be changed after X days, disable password complexity, and remove password history. Also allow users to change passwords immediately. Use the Group Policy Management Editor on the AD machine.

Start > Run... > gpmc.msc
Navigate to the domain you wish to amend the group policy for (in my case it is
Right Click the default Group Policy as shown below and select "Edit"

Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
Edit the Password Policy as you want it.
Save & close the windows.
Run the Windows command prompt (DOS prompt): cmd>gpupdate
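
The same four changes can be scripted. The following is an added example, not part of the original post: it assumes the RSAT ActiveDirectory PowerShell module and Domain Admin rights, and `lab.example` and `Get-RelaxedPasswordSetting` are placeholder names. It refuses to run outside the named lab domain, saves the existing policy first, then reads the result back.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module and Domain Admin rights.
Import-Module ActiveDirectory

$LabDomain = 'lab.example'   # placeholder: DNS name of the isolated dev domain

# Report which of the four settings from the post are relaxed in a policy object.
function Get-RelaxedPasswordSetting {
    param([Parameter(Mandatory)] $Policy)
    if ($Policy.MaxPasswordAge -eq [TimeSpan]::Zero) { 'Passwords never expire' }
    if ($Policy.MinPasswordAge -eq [TimeSpan]::Zero) { 'Passwords can be changed immediately' }
    if (-not $Policy.ComplexityEnabled)              { 'Complexity is disabled' }
    if ($Policy.PasswordHistoryCount -eq 0)          { 'Password history is not kept' }
}

# Guard: refuse to run against any domain other than the named lab domain.
$current = (Get-ADDomain).DNSRoot
if ($current -ne $LabDomain) {
    throw "Logged on to '$current', expected '$LabDomain'. Nothing changed."
}

# Keep a copy of the existing policy so it can be restored later.
Get-ADDefaultDomainPasswordPolicy -Identity $LabDomain |
    Select-Object MaxPasswordAge, MinPasswordAge, ComplexityEnabled,
                  PasswordHistoryCount, MinPasswordLength |
    Export-Clixml -Path .\password-policy-before.xml

# The four changes from the post: no expiry, no minimum age, no complexity, no history.
Set-ADDefaultDomainPasswordPolicy -Identity $LabDomain `
    -MaxPasswordAge ([TimeSpan]::Zero) `
    -MinPasswordAge ([TimeSpan]::Zero) `
    -ComplexityEnabled $false `
    -PasswordHistoryCount 0

# Read the policy back and list what is now relaxed.
Get-RelaxedPasswordSetting (Get-ADDefaultDomainPasswordPolicy -Identity $LabDomain)
```

Get-RelaxedPasswordSetting can also be run on its own against any domain's policy object to check that these lab settings have not ended up somewhere they should not be. The cmdlet writes the policy attributes on the domain object rather than editing the GPO, so a GPO that defines the same settings can overwrite them on a later policy refresh.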


Anonymous said...

Thank you for the article, will be nice to do this using a script or PowerShell! Tony
