Note #2: As of the publication of this benchmark, Microsoft currently has a maximum limit of 24 saved passwords. However, custom exceptions to the default password policy and account lockout policy rules for specific domain users and/or groups can be defined using Password Settings Objects (PSOs), which are completely separate from Group Policy and most easily configured using Active Directory Administrative Center. If these settings are configured in another GPO, they will only affect local user accounts on the computers that receive the GPO. Note: Password Policy settings (section 1.1) and Account Lockout Policy settings (section 1.2) must be applied via the Default Domain Policy GPO in order to be globally in effect on domain user accounts as their default behavior. The recommended state for this setting is: 24 or more password(s). To maintain the effectiveness of this policy setting, use the Minimum password age setting to prevent users from repeatedly changing their password. The default value for Windows Vista is 0 passwords, but the default setting in a domain is 24 passwords. The value for this policy setting must be between 0 and 24 passwords. Title: "Ensure 'Enforce password history' is set to '24 or more password(s)' "ĭescription: "This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password. 'r:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion -> ProductName -> r:^Windows 10 ' Title: "Check that the Windows platform is Windows 11 "ĭescription: "Requirements for running the CIS benchmark Domain Controller under Windows 11 " Name: "CIS Benchmark for Windows 11 Enterprise (Release 21H2) "ĭescription: "This document provides prescriptive guidance for establishing a secure configuration posture for Microsoft Windows 11.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |