DEV Community

Cover image for Exercise 3 – Configure Group Policy for Password Policies
Kosisochukwu Ugochukwu
Kosisochukwu Ugochukwu

Posted on

Exercise 3 – Configure Group Policy for Password Policies

INTRODUCTION

In this exercise, you will practice configuring important security and recovery features in Active Directory. These settings make sure that your organization’s accounts are protected and that administrators can recover objects if they’re deleted by mistake.

Here’s the scenario: You are the IT administrator of a company that uses Active Directory to manage all its users and computers. To keep the company secure, you need to ensure that:

  • All users follow a standard password policy (for example, requiring a minimum length and complexity). This helps protect against simple or weak passwords that hackers could guess.
  • Domain Administrators, who have the highest level of access, must follow an even stricter password policy because if their accounts are compromised, the entire company is at risk.
  • If someone accidentally deletes an important account, group, or even a whole Organizational Unit (OU), you can use the Active Directory Recycle Bin to quickly restore it without starting from scratch.

By completing this exercise, you will learn how to:

  • Apply a domain-wide password policy that affects every account in the system.
  • Create a fine-grained password policy that gives tighter security rules just to sensitive groups (like Domain Admins).
  • Enable the Recycle Bin, a critical safety net that protects against accidental deletions and makes recovery much easier.

These are common tasks that IT administrators perform to balance security and usability, while also preparing for mistakes that happen in real-world environments.

Part 1 – Configure Domain Password Policy

This sets the basic password rules for the entire domain.

Steps:

On TAILWIND-DC1, open Server Manager.
From the Tools menu, select Group Policy Management.

Image P1
In the Group Policy Management console:

Expand forest: tailwindtraders.internal → Domains → tailwindtraders.internal.

Right-click Default Domain Policy → choose Edit.

Image P2
In the Group Policy Management Editor:

Go to:
Computer Configuration → Policies → Windows Settings → Security Settings → Account Policies → Password Policy.

Double-click Minimum password length.

Image P3

Change the value to 14 characters and click OK.

Image P4

Image P5
Close the Group Policy Management Editor and then close Group Policy Management.

Part 2 – Configure Fine-Grained Password Policy

This creates a stricter password rule for the Domain Admins group only.

Steps:

On TAILWIND-DC1, open Server Manager.
From the Tools menu, select Active Directory Administrative Center.

Image P6
In the left pane, click Tailwindtraders (local).

Image P7
In the middle pane, open the System container.

Image P8
Inside System, open the Password Settings Container.

Right-click Password Settings Container → choose New → Password Settings.

Image P9
In the new settings window:

Name: Domain Admin Password Policy

Precedence: 1

Minimum password length: 16 characters

Click OK.

Image P10
Open the newly created policy (Domain Admin Password Policy).

Image P11
In the Directly Applies To section: Click Add.

Image 12

Type Domain Admins.

Click Check Names → OK → OK.

Image P13

Image P14

Part 3 – Enable Active Directory Recycle Bin

This allows you to recover accidentally deleted AD objects (like users or OUs).

Steps:

On TAILWIND-DC1, open Server Manager.
From the Tools menu, select Active Directory Administrative Center.

Image P15
In the left pane, click Tailwindtraders (local).

In the right pane, select Enable Recycle Bin.

Image P16
When a warning appears → click OK.

Image P17
Another warning will appear about replication latency → click OK again.

Conclusion

In this exercise, we successfully configured Group Policy for password policies, ensuring stronger protection of user accounts by enforcing rules such as password length, complexity, and expiration. These settings help maintain security across the system by reducing the risk of weak or compromised passwords.

In the next exercise, we will build on this foundation by learning how to configure security settings, which will allow us to further strengthen and customize the overall security of the system environment.

Top comments (0)