Local security policy in windows 7

RFED · 25 Jul 2014

Hi guys,

Need your guidance in understanding Local security policy

1) I have configured local security policy in windows 7 professional under run-->secpol.msc--> Securuity policies-->Account policy---->Password policy

a) Minimum password length is set to 8 characters
b) Password must meet complexity requirements is enabled (I have set a password which has lower case/number and special character)
c) Maximum password age is set to 3 days

This means password will expire in 3 days. I need to change the password after 3 days correct?

d) Enforce password history---15 passwords remembered

This means the last 15 passwords is remembered so that user will not go back to the previously used password. Is this correct?

e) Minimum password age

I have set the minimum password age to 1

Does this mean password can be changed after 1 day?
Does this mean password cannot be changed before 24 hours (Once the password is set)? I may be wrong here because I was able to change the password before 24 hours. If I'm wrong please explain me what is minimum password?

Also for point d) Initially I set the password as "X" and then changed to "Y", I changed it back to "X" and still there was no error. Enforce password history says we cannot use the same password which was used previously but I did not get any error while changing the password (Changed it to the same password "X" which I used in the first instance).

Please help me in understanding the concept clearly.:)

Thank you
RFED

Brink · 25 Jul 2014

Hello RFED,

That's how I understand it.

Just to verify, did you also enable password expiration to enforce your min/max password age?

Password Expiration - Enable or Disable

Password History Enforcement - Enable or Disable

bigmck · 25 Jul 2014

It appears to me that you have everything correct. == The Minimum Password Age is rather strange. To me it means you can't change it before the minimum is up. I don't see why you would even need to have that filled in. I would just leave that as Zero so that you can change the password when ever you want.

RFED · 25 Jul 2014

bigmck said:

It appears to me that you have everything correct. == The Minimum Password Age is rather strange. To me it means you can't change it before the minimum is up. I don't see why you would even need to have that filled in. I would just leave that as Zero so that you can change the password when ever you want.

Hello bigmck,

That is exactly how I understood. When I set the Minimum password age to one, I thought I will not be able to change the password for atleast a day but strange thing is I was able to change to password.

It is not that I want to use the local security policy but was just trying to see how it works but could not understand both "Enforce password history" and "Minimum password age"

RFED · 25 Jul 2014

Brink said:

Hello RFED,

That's how I understand it.

Just to verify, did you also enable password expiration to enforce your min/max password age?

Password Expiration - Enable or Disable

Password History Enforcement - Enable or Disable

Please check this screen shot

Enforce Password history is set to 15 password but still I was able to change the password which I set earlier

Brink · 25 Jul 2014

Do you have password expiration enabled like below?

Password Expiration - Enable or Disable

RFED · 25 Jul 2014

Brink said:

Do you have password expiration enabled like below?

Password Expiration - Enable or Disable

Please check the screen shot which I set

Thanks for helping me out

Brink · 25 Jul 2014

That screenshot is not for password expiration. Please check the link to verify if you do. :)

RFED · 25 Jul 2014

Brink said:

That screenshot is not for password expiration. Please check the link to verify if you do. :)

Password expiration is not checked

Brink · 25 Jul 2014

I must admit that I'm not sure why it let you change your password back to a recent old one again with both policies enabled.