GPO password length audit

Question

With the new-ish password guidelines focusing on longer, but static, passwords I updated GPOs to include "minimum password length audit" to the proposed new limit. However I haven't found any guidance on where to get these audit results, or how long until I can expect them to start showing up. Where are these results posted?

Additionally I found some discussions about having different AD server versions and these settings. I needed to build new servers to obtain the "Relax minimum password length limits" and "Minimum password length audit" options in Group Policy Management. Even though the OS appears to be patched, these options were not on the existing servers. Will I see some inconsistencies until I move DSMO roles to the new servers?

Answer 1

Hello Skygordon,

Thank you for posting in our Q&A forum.

Here is a document that might help you. It contains the following information.

Supported versions of Windows.
Deployment guidelines.
Policy path and setting name.
When Windows event ID will log.
Windows event ID and log messages.

For more information, you can read it.
https://support.microsoft.com/en-us/topic/minimum-password-length-auditing-and-enforcement-on-certain-versions-of-windows-5ef7fecf-3325-f56b-cc10-4fd565aacc59#:~:text=If%20the%20Relax%20minimum%20password%20length%20limits%20setting,to%200%20means%20that%20no%20password%20is%20required.

Hope the information above is helpful. If you have any question or concern, please feel free to let us know.

Best Regards,
Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.