Password Policies are a set of rules that determine what can and cannot be used to construct a password that is considered acceptible and secure.
LogonBox is able to use Password Policies that are already in use on your Active Directory Domain systems but also has the ability to enforce its own policies over these as well.
To begin, navigate to Administration->Security & Permissions->Password Policies.
If you are using Active Directory, you will see your existing AD policies here.
Creating a new Password Policy
To begin, select the Create option, the first tab in the Create Password Policy is the Expire tab, this contains the options for the Minimum and Maximum Age values. These options control how long a password is valid for and when it can be changed by the user.
The Policy tab sets various options regarding the password, Minimum and Maximum Length set how many characters are required for the password. May Contain Username and Contain Banned Words allow specification of certain words and phases that can be set or blocked. Password History allows specification of how many previous passwords are blocked from use. Priority sorts the order of policies when an account has multiple policies assigned to it.
The Criteria tab allows specification of which types of characters and how many are needed for a password to be considered valid and conform to the password policy.
Finally, the Assignment tab allows specification of the user accounts, roles, and groups to with the policy is assigned and thus can be used by/
Select the Create button to complete the process. The new policy is listed in the Password Policies list.
Creating a Policy that overrides the Domain Policy
If you wish to create a new Password Policy that takes precedence over the Domain Policy we should first make a copy of the Default Domain Policy, using the Copy action in the Actions menu.
Just click Update for now to save the new Policy.
Immediately edit this new Password Policy created above using the Edit option. You can now change the name of the policy and in the Policy and Criteria tabs, select your new password strength requirements.
As long as this new policy is stronger than the one you are overriding, you will be able to use this policy (because if you set a weaker one, then AD will reject and password change).
This policy will be assigned to the Everyone Role so that it applies to all user accounts including those from Active Directory.
Save the changes and the configuration will now be complete.