
Information:

Enforce Password Policy on User Setup GP Simulation

The simulation uses Windows Server 2012 R2.


1 Create a new user in Active Directory





2 Uncheck Never Expires



3 Open the Password Policy as follows:
In the Server Manager click on Tools and from the drop down click Group Policy Management
Expand Forest >> Domains >> Your Domain Controller.
NOTE: There are some steps in the comments that some have made, that advise of additional steps at this point. Try without, but if you fail… have a look in the comments.
Right click on the Default Domain Policy and click Edit from the context menu.
Now Expand Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy
Select Edit






4 How to require the password to be changed every 3/6 months
This is configured in Maximum Password Age.
In this example it is set to 3 days.





4.1 To test whether it works, change the server date from 5 July to 10 July
4.2 Create a new user in GP





Check Enforce Password Policy and Enforce Password Expiration.
Then click Directory Account and map the Active Directory user (this only works on Windows Server; on anything other than a server it will not work).





4.3 Check when that user expires






-- When will a SQL login password expire?
SELECT SL.name AS LoginName
      ,LOGINPROPERTY (SL.name, 'PasswordLastSetTime') AS PasswordLastSetTime
      ,LOGINPROPERTY (SL.name, 'DaysUntilExpiration') AS DaysUntilExpiration
      -- DaysUntilExpiration counts from the current date, so add it to GETDATE(), not to PasswordLastSetTime
      ,DATEADD(dd, CONVERT(int, LOGINPROPERTY (SL.name, 'DaysUntilExpiration'))
                 , GETDATE()) AS PasswordExpiration
      ,SL.is_policy_checked AS IsPolicyChecked
      ,LOGINPROPERTY (SL.name, 'IsExpired') AS IsExpired
      ,LOGINPROPERTY (SL.name, 'IsMustChange') AS IsMustChange
      ,LOGINPROPERTY (SL.name, 'IsLocked') AS IsLocked
      ,LOGINPROPERTY (SL.name, 'LockoutTime') AS LockoutTime
      ,LOGINPROPERTY (SL.name, 'BadPasswordCount') AS BadPasswordCount
      ,LOGINPROPERTY (SL.name, 'BadPasswordTime') AS BadPasswordTime
      ,LOGINPROPERTY (SL.name, 'HistoryLength') AS HistoryLength
FROM sys.sql_logins AS SL
-- Only logins with Enforce Password Expiration turned on
WHERE SL.is_expiration_checked = 1
ORDER BY LOGINPROPERTY (SL.name, 'PasswordLastSetTime') DESC








4.4 Change the server date to the 14th so that the password expiration has passed, then try logging in to GP again
As a result, when the user logs in to GP, a prompt appears asking for the password to be changed because it has expired, as follows:





The only options are Yes and No.
If No is clicked, it returns to the window for entering the password (this cannot be bypassed; the password must be changed).
If Yes is clicked, the Change User Password window appears.






When this change is made, its history is stored by SQL (use the same query).
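
The query in step 4.3 only returns logins where is_expiration_checked = 1, so a GP user created without the two checkboxes never shows up in it. The following audit query is an added example, not part of the original post; it assumes the GP checkboxes Enforce Password Policy and Enforce Password Expiration correspond to the is_policy_checked and is_expiration_checked columns that the step 4.3 query reads. It is read-only and only prints a suggested statement for review.

```sql
-- Added example: list SQL logins that are NOT fully covered by the password policy.
-- Read-only. Run as a login that can see all server logins (for example a sysadmin).
SELECT SL.name                                        AS LoginName
      ,SL.is_disabled                                 AS IsDisabled
      ,SL.is_policy_checked                           AS IsPolicyChecked
      ,SL.is_expiration_checked                       AS IsExpirationChecked
      ,LOGINPROPERTY (SL.name, 'PasswordLastSetTime') AS PasswordLastSetTime
      -- Age of the current password in days, measured from today
      ,DATEDIFF(dd
               ,CONVERT(datetime, LOGINPROPERTY (SL.name, 'PasswordLastSetTime'))
               ,GETDATE())                            AS PasswordAgeDays
      -- Which part of the policy is missing for this login
      ,CASE
           WHEN SL.is_policy_checked = 0
               THEN 'Policy off: the Windows password policy is not applied'
           WHEN SL.is_expiration_checked = 0
               THEN 'Policy on, expiration off: Maximum Password Age is ignored'
       END                                            AS Gap
      -- Statement text for review only; nothing is executed by this query.
      -- CHECK_EXPIRATION = ON is only accepted together with CHECK_POLICY = ON.
      ,N'ALTER LOGIN ' + QUOTENAME(SL.name)
       + N' WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;' AS SuggestedFix
FROM sys.sql_logins AS SL
WHERE (SL.is_policy_checked = 0 OR SL.is_expiration_checked = 0)
  AND SL.name NOT LIKE '##%'      -- skip SQL Server's internal ##...## logins
ORDER BY SL.is_disabled, PasswordAgeDays DESC;
```

An empty result means every SQL login on the instance has both flags set and will appear in the step 4.3 query.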


5 There are 4 things that can be set up for this Enforce Password Policy:
1. How to set the password length --> Minimum Password Length - how many characters a password must be to be acceptable. (Requires GP Web Client with a Web Client user.)

2. How to set password complexity --> Password must meet complexity requirements - enforces mixed case, etc., for the password. (Requires GP Web Client with a Web Client user.)

3. How to set password history (so once an old password has been saved, that password can no longer be used when changing the password) --> Password History - number of old passwords remembered. (Requires GP Web Client with a Web Client user.)
4. How to require the password to be changed every 3/6 months --> Maximum Password Age - how old a password can be before it is expired



Password Policy
The Password Policy subfolder contains the password complexity settings like:
Password History - number of old passwords remembered
Minimum Password Age - how long before another password change can be attempted
Maximum Password Age - how old a password can be before it is expired
Minimum Password Length - how many characters a password must be to be acceptable.
Password must meet complexity requirements - enforces mixed case, etc., for the password
All of these are in Group Policy, but for GP Web Client, for example GP Web with Azure AD




By implementing GP Web with a Web Client user, Enforce Password Policy follows the setup of the Active Directory user, not the SQL user.

As an example of this in practice, a message like the following appears when logging in to GP Web:


