Here are step-by-step instructions to enable password policy requirements for Windows, Mac or Linux device.

Windows

• The following requirements must be enforced to pass this check:
  • Minimum password length: 8 characters
  • Password must meet complexity requirements: Enabled

• "gpedit.msc" or "secpol.msc" must be installed in order to set a password policy 
  • These comes installed on Windows 10/11 Pro
  • If you are on Windows 10/11 Home, this is how to download and install "gpedit.msc":
    • Download this Batch script
    • Right-click it and select "Run as Administrator"
    • Wait up to 10 minutes for the script to download and install "gpedit.msc"
    • Follow the instructions for "Group Policy method"
• The requirements can be set via Group Policy or Local Security Policy.
  • Group Policy method:
    • Open the Run program and enter "gpedit.msc"
    • Go to "Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy"
      • Set "Minimum password length" to 8
      • Set "Password must meet complexity requirements" to "Enabled"
  • Local Security Policy method:
    • Open the Run program and enter "secpol.msc"
    • Go to Security Settings -> Account Policies -> Password Policy
      • Set "Minimum password length" to 8
      • Set "Password must meet complexity requirements" to "Enabled" 

• If not all your Windows devices come with these programs or it would be too time-consuming to edit these settings on each device, we recommend instead using an MDM to enforce these settings. 

Mac

You will need to create a device profile with requireAlphanumeric set to true and minLength >= 8.

• An MDM such as Kolide or Jamf Pro can also create and enforce a password & screen lock policy.
• If not using an MDM, you can install this profile we've created for everyone to use, or you can use the resources below to create your own device profile.
  • This profile will also enforce the required screen lock settings.
  • To install, open the downloaded file and System Settings will automatically open to Device Management, where you can review and install the profile. Note that on macOS 15, profiles are now managed under Device Management.
• Profile resources:
  • More information on configuration for Apple devices
  • More information on payload for configuring a password policy

Linux

The Password Policy check will not pass until you have both updated the password requirements and changed your password to comply with these requirements. These instructions were taken in part from this article.

The Password Policy check requires:

• Minimum password length of at least eight characters.
• The classes of characters are digits, upper letters, lower letters, and special characters.
• Minimum class of at least three for each password, meaning that multiple classes must be represented in the password.

1. Install the augeas-lenses library and PAM module by running the following commands in your terminal:

sudo apt install augeas-lenses

sudo apt install libpam-pwquality

1. Some Linux distributions may already have these libraries installed. See here for more technical information about the PAM module.
2. Open the /etc/pam.d/common-password file.
3. Find the line that includes pam_pwquality.so.
4. Add minlen=8 minclass=3 to the end of that line. An example would look something like this:

password requisite pam_pwquality.so retry=3 minlen=8 minclass=3

• *If your Linux device is not 'checking in' after restarting, please refer to this article.

Troubleshooting

Error 0x8007371b / DISM Error 14107 During Password Policy Installation

Sometimes, when attempting to enable password complexity and length policies—especially on Windows Home edition using the InstallGroupPolicyEditor.bat script—the following DISM error may appear: Error: 14107 0x8007371b – One or more required members of the transaction are not present.

Possible Causes & Fixes:

1. Antivirus interference (e.g., AVG) may block Secureframe scripts.
   Fix: Temporarily disable antivirus, rerun the policy installation, then re-enable.

2. Windows Home limitations — lacks native Group Policy tools.
   Fix: Confirm your version and edition.

   • Option 1: Press Windows + R, run winver.

   • Option 2: Go to Settings > System > About and check the Windows specifications section.

3. Corrupted system files or update components.
   Fix (Run in elevated Command Prompt): sfc /scannow DISM /Online /Cleanup-Image /RestoreHealth

   Then restart and retry installation.

4. Pending or failed Windows updates.
   Fix: Ensure your device is fully updated via Settings > Windows Update.

5. Log collection for support escalation.

   • DISM log: C:\Windows\Logs\DISM\dism.log

   • Secureframe Agent logs: Share with the support team if issue persists.

If the problem continues, please open a support request with logs and system details.

• Secureframe macOS Policy.mobileconfig5 KB
• InstallGroupPolicyEditor.bat379 Bytes