Password Policy

The password policy helps ensure that a user's password is strong and changed periodically, so that cracking it becomes impractical for an attacker.
By default, the password policy is configured like this:
| Policy | Default value |
| --- | --- |
| Enforce password history | 24 passwords |
| Maximum password age | 42 days |
| Minimum password age | 1 day |
| Minimum password length | 7 |
| Password must meet complexity requirements | Enabled |
| Store passwords using reversible encryption | Disabled |
| Account lockout duration | Not set |
| Account lockout threshold | 0 |
| Reset account lockout counter after | Not set |
From an attacker's point of view, it is useful to list the password policy in force on the domain before attempting any of the following:
  • Bruteforce
  • Guessing
  • Spraying
  • Cracking
UNIX:
cme smb 192.168.1.0/24 -u <USERNAME> -p '<PASSWORD>' --pass-pol

Windows cmd:
net accounts

Windows PowerShell:
Get-ADDomain | Get-ADObject -Properties * | select *pwd*

Modules AD:
This command gets the default password policy for the specified domain.
Get-ADDefaultDomainPasswordPolicy -Identity domain.local

PowerView:
Get-DomainPolicy
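
The same `net accounts` output can be checked against a baseline from the defender's side. This added example (not part of the original page) parses English-locale output and flags weak settings. The sample output is constructed, and the thresholds `MIN_LENGTH` and `MAX_LOCKOUT_THRESHOLD` are assumptions, not values from the page.

```python
import re

# Constructed sample: English-locale `net accounts` output with default values.
SAMPLE = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          1
Maximum password age (days):                          42
Minimum password length:                              7
Length of password history maintained:                24
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        PRIMARY
The command completed successfully.
"""

# Assumed baseline for this example only; replace with your own standard.
MIN_LENGTH = 14
MAX_LOCKOUT_THRESHOLD = 10

def parse_net_accounts(text):
    """Return {label: value} for each 'label:    value' line of the output."""
    policy = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?):\s{2,}(\S.*)$", line)
        if m:
            policy[m.group(1).strip()] = m.group(2).strip()
    return policy

def as_int(value):
    """Numeric settings parse as-is; 'Never', 'None', 'Unlimited' mean 0."""
    return int(value) if value.isdigit() else 0

def audit(policy):
    """List findings; a missing label is treated like an unset value."""
    findings = []
    length = as_int(policy.get("Minimum password length", "0"))
    if length < MIN_LENGTH:
        findings.append(f"minimum length {length} is below {MIN_LENGTH}")
    threshold = as_int(policy.get("Lockout threshold", "Never"))
    if threshold == 0:
        findings.append("no lockout threshold: online guessing is unthrottled")
    elif threshold > MAX_LOCKOUT_THRESHOLD:
        findings.append(f"lockout threshold {threshold} exceeds {MAX_LOCKOUT_THRESHOLD}")
    if as_int(policy.get("Length of password history maintained", "None")) == 0:
        findings.append("password history is not enforced")
    return findings

print("\n".join(audit(parse_net_accounts(SAMPLE))))
```

`net accounts` does not report the complexity or reversible-encryption settings, so those have to be read with one of the other commands.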