Domain Policy

In Domain Policy, you can set up password policies and account lockout policies.

Password Policy

• Maximum password age: Specify the time after which passwords expire. Passwords will never expire if the option is disabled.
• Minimum password age: Specify the time frame in which users are not allowed to change their passwords after their last password change. Passwords can be changed at any time if the option is disabled.
• Minimum password length: Specify the minimum length of new passwords.
• Enforce password history: All new passwords must be different from the ones set previously. Specify the number of records here.
• Enable password strength check: Passwords must comply with at least three of the following rules:
  • Uppercase letters of the Latin (including A-Z with diacritic marks), Greek, and Cyrillic alphabets.
  • Lowercase letters of the Latin (including a-z with diacritic marks), Greek, and Cyrillic alphabets.
  • Numeric characters (0-9).
  • Special characters such as #, $, !
  • Unicode alphabets, including those in Asian languages.
• Exclude common password: Refrain users from setting common passwords, such as "123456", "password", and "qwerty".
• Store password using reversible encryption: Enabling this option will compromise domain security. This option is not recommended unless demands of domain client services take higher priority over password security.

Account Lockout Policy

• Account lockout threshold: User account will be locked out when the number of failed login attempts exceeds the specified lockout threshold.
• Reset lockout counter after: The number of failed login attempts will be re-calculated after the specified time.
• Lockout duration: Locked-out user accounts will be unlocked when the specified lockout duration ends.