Customize the Password Policy In Windows 7 / 8 / 10

You might have seen on certain websites that for registering, you will have to enter a password that matches the criterion set by the website (for example a password should  be minimum 8 characters long, should contain lower and upper case letters etc). You can implement this feature in Windows 8 and Windows 7 as well, using either Local Security Policy for Windows 7 Professional or Ultimate users or using an elevated  command prompt for users with other Windows  10 / 8 / 7 editions.

Change Windows Password Policy

Using Local Security Policy.

Type Local Security Policy in the start menu search and press Enter. The LSP window will open. Now from the left pane, choose Password Policy from under Account Policies. Now on the right side six options will be listed.

img1

Details of each of those options are listed below.

Enforce Password history: This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. The value must be between 0 and 24 passwords. This policy enables administrators to enhance security by ensuring that old passwords are not reused continually.

Maximum password age: This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If the maximum password age is between 1 and 999 days, the Minimum password age must be less than the maximum password age. If the maximum password age is set to 0, the minimum password age can be any value between 0 and 998 days.

Minimum password age: This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0. The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998.

Minimum password length: This security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0.

Password must meet complexity requirements: This security setting determines whether passwords must meet complexity requirements. If this policy is enabled, passwords must meet the following minimum requirements:

– Not contain the user’s account name or parts of the user’s full name that exceed two consecutive characters
– Be at least six characters in length
– Contain characters from three of the following four categories:

  • English uppercase characters (A through Z)
  • English lowercase characters (a through z)
  • Base 10 digits (0 through 9)
  • Non-alphabetic characters (for example, !, $, #, %)

Complexity requirements are enforced when passwords are changed or created.

Store password using reversible encryption: This security setting determines whether the operating system stores passwords using reversible encryption. This policy provides support for applications that use protocols that require knowledge of the user’s password for authentication purposes. Storing passwords using reversible encryption is essentially the same as storing plaintext versions of the passwords. For this reason, this policy should never be enabled unless application requirements outweigh the need to protect password information.

To change any or all these options, just double click the option, select the appropriate choice and click OK.

Using Elevated Command Prompt.

Type cmd in the start menu search. From under Programs, right click cmd and select Run as administrator.

image

The commands and their explanation is given below.

net accounts /minpwlen:length –  This sets the minimum number of characters a password must contain. Replace the word length with the desired number of characters. Range is 0-14.

example: net accounts /minpwlen:7

net accounts /maxpwage:days – This sets the maximum number of days after which the user will have to change the password. Replace days with the desired value. Range is from 1-999. If used unlimited, no limit is set. The value of maxpwage should always be greater than minpwage.

example: net accounts /maxpwage:30

net accounts /minpwage:days – This sets the minimum number of days that must pass before the password can be changed. Replace days with the desired value. Range is from 1-999.

example: net accounts /minpwage:10

net accounts /uniquepw:number – This sets the number of times after which a password can be used again. Replace number with the desired value. Maximum value is 24.

example: net accounts /uniquepw:8

To use a command, just enter it in the command prompt as shown and press enter.

img2

To review the settings type net accounts in the cmd and press enter.

img

An overview of all the settings will be shown!

Posted by on , in Category Windows with Tags
Currently pursuing Bachelors in Electronics, the author Nithin Ramesh is a technology blogger. Apart from technology his other interests include cricket and rock music.

7 Comments

  1. Mee39

    Thank you, very useful!

  2. Simon

    Just what I needed. Microsoft site doesn’t tell you how to change via cmd. many thanks. Simon.

  3. David Chase Hawisher

    How do you remove password complexity via cmd?

  4. Yessai

    Very useful ! Thank u.

  5. Bonjovi

    How do you bypass the policy that won’t let you reset your password as a previous password?

  6. Bonjovi

    In windows 8

  7. AndresF

    Thank you, It is working succesfull for Windows Server 2012

Leave a Reply

Your email address will not be published. Required fields are marked *

Prove you passed math in school! *