
Active Directory Password Complexity and Policy

By SolarWinds MSP
25 March, 2019

Microsoft Active Directory (AD) password policies sit at the very foundation of an enterprise’s cybersecurity strategy—each connected device represents an entry point into your network, and protecting those endpoints with reasonably strong passwords is the first reliable line of defense against cyberattacks. AD allows you to enforce set standards for passwords used by employees, requiring them to use a certain number and/or variety of characters in every password they create.

But getting control over password policies isn’t always the easiest or most intuitive thing for a security professional to do. It may be simple enough to set default protections like “Password must meet complexity requirements,” but going beyond the default options is harder. Common questions include: What are AD password policy best practices? How do you develop specific permissions and protections for different users or groups of users? How do you get visibility into everyone’s access rights? What is password complexity, and what levels of password complexity are right for which user groups? 

No matter how experienced you are in enterprise security, it can be helpful to re-examine the basics to look for steps you can take to better tailor your AD password policy to the needs of your enterprise. Let’s clear up some common misconceptions, go over some AD password policy best practices, and start ensuring that all your users are protected.

How do I disable password policy?

Disabling your current password policy rules is straightforward through the Group Policy Objects option in Windows. If your current policy is proving too difficult for users or resulting in a lot of additional help desk calls, you can either edit your policy or disable it entirely with a few simple steps. 

In Windows, go to either the Group Policy Management or Active Directory Users console and you’ll see all Group Policy Objects (GPOs) currently linked at the domain level. Find the GPO you use to create and enforce your domain password policy (if you haven’t done this before, it’s likely Default Domain Policy GPO) and right-click it, then click Edit.

Now open Computer Configuration and click Policies, or go directly to Windows Settings. From there, select Security Settings, Account Policies, then Password Policy items. Here you’ll see a GPO Editor with two panes. Find “Enforce password history” in the pane on the right, type 0 in the text box, then click OK. Do the exact same thing for other policies like “Maximum password age,” “Minimum password age,” and “Minimum password length.” Double-click on “Password must meet complexity requirements” in that same right pane, select Disabled, then click OK.
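To confirm whether a domain is in the state these steps leave behind, the following added example (not part of the original article) checks a policy object for the five settings the procedure changes. The function name Test-PasswordPolicyDisabled and the sample object are constructed for illustration; the property names are those of the object returned by Get-ADDefaultDomainPasswordPolicy, and a maximum age of "never expires" is assumed to be reported as a zero TimeSpan.

```powershell
# Added example: flags the settings that the steps above set to 0 / Disabled.
# Test-PasswordPolicyDisabled is a hypothetical helper name, not a built-in cmdlet.
function Test-PasswordPolicyDisabled {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Policy
    )
    process {
        $findings = @()
        if ($Policy.PasswordHistoryCount -eq 0) {
            $findings += 'Enforce password history is 0: old passwords can be reused immediately'
        }
        # Assumption: "never expires" is reported as a zero TimeSpan.
        if ($Policy.MaxPasswordAge -eq [TimeSpan]::Zero) {
            $findings += 'Maximum password age is 0: passwords never expire'
        }
        if ($Policy.MinPasswordAge -eq [TimeSpan]::Zero) {
            $findings += 'Minimum password age is 0: passwords can be changed again immediately'
        }
        if ($Policy.MinPasswordLength -eq 0) {
            $findings += 'Minimum password length is 0: blank passwords are allowed'
        }
        if (-not $Policy.ComplexityEnabled) {
            $findings += 'Password must meet complexity requirements is Disabled'
        }
        [pscustomobject]@{
            PolicyDisabled = ($findings.Count -eq 5)   # every setting from the procedure
            Findings       = $findings
        }
    }
}

# Constructed sample: the values left by the procedure above.
$sample = [pscustomobject]@{
    PasswordHistoryCount = 0
    MaxPasswordAge       = [TimeSpan]::Zero
    MinPasswordAge       = [TimeSpan]::Zero
    MinPasswordLength    = 0
    ComplexityEnabled    = $false
}
$sample | Test-PasswordPolicyDisabled | Select-Object -ExpandProperty Findings

# On a domain-joined machine with the ActiveDirectory module installed:
# Get-ADDefaultDomainPasswordPolicy | Test-PasswordPolicyDisabled
```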


What are password complexity requirements?

Certain kinds of passwords are particularly easy for a dedicated hacker to obtain because they lack complexity. Complexity is measured according to how difficult it would be for a hacker to guess a user’s password using obvious information like their name, or to break into their account using a brute force attack. A good example of a password complexity requirement is one that ensures all passwords are at least eight characters long.

Complexity requirements must strike a careful balance—they should be stringent enough to ward off all but the most dedicated of cybercriminals, but not so strict that they frustrate users and flood the help desk with calls. It’s best practice to use some form of password complexity requirement. If the default settings on AD are either too strict or not strict enough for your needs, be sure to replace the policy rather than simply disabling it.

What is password complexity in Group Policy Objects?

Group Policy Objects represent specific groups of users for whom you can set specific password requirements, in much the same way that you grant different groups of users different levels of access to company assets. Creating more onerous Active Directory password complexity requirements for those users with access to more sensitive information, while asking less of the majority of your users, is a great way to minimize the impact on help centers while protecting your most valuable data.

GPOs allow you to perform a number of functions from a security standpoint, including disabling Local Administrator rights, granting administrative permissions to sole individuals or groups, and disabling outdated protocols like SSLv2. GPOs also make management far easier from a security perspective.

What is the default password policy for AD?

For all versions of Windows software since Windows 2000, default Active Directory password complexity requirements are simple: the user can’t use their own name and has to include different types of characters.

First, a user’s password can’t have their Account Name in it, nor their Full Name. Just like “Password1234,” a password that repeats or slightly modifies your account name is incredibly easy for hackers to guess. This check is overridden if the user’s Account Name or Full Name is fewer than three characters long. If you have an initial in your Full Name, for example, you won’t be prohibited from using that letter in your password.

Second, passwords have to contain characters from a variety of different categories. These categories include: uppercase letters; lowercase letters; single digits 0-9; special characters like !, &, %, $, or #; and Unicode characters. Under Windows 10’s default password complexity requirements, every password must contain characters from at least three of these categories. This rule, along with the requirement that passwords be at least eight characters long, makes it far harder to break into an account using a brute force attack. Hackers would have to run through at least 218,340,105,584,896 different possibilities in order to gain a single password.
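The two checks above, written out as an added example (not from the original article and not Microsoft's implementation) so candidate passwords can be tested offline. It goes slightly beyond the text by splitting the Full Name on delimiters before comparing, as Microsoft's documentation of this setting describes. The function name Test-AdPasswordComplexity and the sample accounts are constructed, and the character categories are approximated with Unicode regex classes.

```powershell
# Added example: approximates the default complexity rules described above.
# Test-AdPasswordComplexity is a hypothetical name; it does not query Active Directory.
function Test-AdPasswordComplexity {
    param(
        [Parameter(Mandatory)][string]$Password,
        [string]$AccountName = '',
        [string]$FullName = '',
        [int]$MinLength = 8
    )
    $reasons = @()
    if ($Password.Length -lt $MinLength) {
        $reasons += "shorter than $MinLength characters"
    }
    # Account Name is compared whole; the check is skipped under three characters.
    if ($AccountName.Length -ge 3 -and
        $Password.IndexOf($AccountName, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
        $reasons += 'contains the Account Name'
    }
    # Full Name is split on delimiters; parts under three characters are ignored.
    foreach ($part in ($FullName -split '[,.\-_ #\t]+')) {
        if ($part.Length -ge 3 -and
            $Password.IndexOf($part, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $reasons += "contains '$part' from the Full Name"
        }
    }
    # Five categories: uppercase, lowercase, digits 0-9, special characters
    # (approximated as anything that is not a letter or number), other Unicode letters.
    $patterns = '\p{Lu}', '\p{Ll}', '[0-9]', '[^\p{L}\p{N}]', '[\p{Lo}\p{Lm}]'
    $categories = @($patterns | Where-Object { $Password -cmatch $_ }).Count
    if ($categories -lt 3) {
        $reasons += "only $categories of 5 character categories (3 required)"
    }
    [pscustomobject]@{
        Compliant  = ($reasons.Count -eq 0)
        Categories = $categories
        Reasons    = $reasons
    }
}

# Constructed sample accounts and candidate passwords.
Test-AdPasswordComplexity -Password 'jsmith2019!' -AccountName 'jsmith' -FullName 'John Q. Smith'
Test-AdPasswordComplexity -Password 'Qwertyuiop1' -AccountName 'jsmith' -FullName 'John Q. Smith'
Test-AdPasswordComplexity -Password 'correcthorse' -AccountName 'jd' -FullName 'J D'
```

The second sample passes even though it is a keyboard walk, which shows that these rules test composition rather than guessability. The article's figure of 218,340,105,584,896 equals 62^8, that is, eight characters drawn from A-Z, a-z and 0-9.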

Automating access

If all this strikes you as being a little complicated, that’s because it is. While AD offers plenty of functionalities for determining who should be subject to what restrictions when it comes to password complexity, keeping track of which groups are subject to what policies can quickly become overwhelming. A resource like SolarWinds® Access Rights Manager can help you improve IT and data security by automating this work.

Access Rights Manager is a powerful and intuitive access rights monitoring and access management system for companies of all sizes that offers threat protection from the inside out. We call it security simplified. It clearly displays group memberships from AD and makes it perfectly clear who has access rights to what file servers. You can also monitor, analyze, and audit AD and Group Policy, as Access Rights Manager creates a ledger detailing who made changes to policies and when, simplifying compliance and reducing risk.

Now that you know about Active Directory password policies and the tools you can use to leverage them, you’ve got what you need to ensure your users are secure and that AD password policy best practices are being followed.

     
