Password Policy

The password policy helps ensure that a user's password is strong and is changed periodically so that it becomes impossible for an attacker to crack the password.

By default, the password policy is configured like this:


Default value

Enforce password history

24 passwords

Maximum password age

42 days

Minimum password age

1 day

Minimum password length


Password must meet complexity requirements


Store passwords using reversible encryption


Account lockout duration

Not set

Account lockout threshold


Reset account lockout counter after

Not set

From an attacker's point of view it is useful to list the password policy in force on the domain and then be able to do either:

  • Bruteforce

  • Guessing

  • Spraying

  • Cracking

cme smb -u <USERNAME> -p '<PASSWORD>' --pass-pol

Last updated