While security is a broad area to cover, one of the tasks you have is to define a password policy and account lockout policy, both of which are configured using Group Policy Management console.
Password Policy settings are located and can be configured under Computer Configuration\ Windows Settings\Security Settings\Account Policies\Password Policy.
Also included in Windows Server 2012 R2, fine-grained password policies enable you to configure different password policies and lockout settings (as discussed previously) that can be applied to specific users or groups within a domain.
If you recall, previously these were applied to the entire domain.
The password complexity setting prevents users from employing simple, easy-to-guess passwords by enforcing the following requirements with respect to creating passwords: As with previous versions of Windows Server, domain controllers keep track of logon attempts.
By configuring Account Lockout Policy settings, you can control what happens when unauthorized access attempts occur.
Group Policy contains an entire series of policy settings found under the Security Settings subnode in both the Computer Configuration and User Configuration sections.
This tutorial looks primarily at the policy settings contained under the Local Policies sub-subnode beneath Security Settings.
Consult this tab before modifying any of the default user rights.
You can also create a new GPO and configure a series of settings in this node to be applied to a specific group, and then link the GPO to an appropriate OU and grant the required group the Read and Apply Group Policy permissions.