The Password Policy controls settings related to each user's passwords. It is important to enforce a password policy, because the chances of a user giving out their password (accidentally or intentionally) are very high. Requiring users to change their password reasonably often, and to choose one that conforms to a set of standards that make it very difficult to crack, is therefore in your organization's best interests.
Access the Password Policy from:
Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy
There are five settings here that you can set. They are: Enforce Password History, Maximum Password Age, Minimum Password Age, Minimum Password Length, and Password Must Meet Complexity Requirements. I recommend that you enforce a password history that is a minimum of 6. This means that a user must change their password six times before they can reuse a password. For Maximum Password Age, I recommend between 30 and 40 days; this forces users to change their password every time the number of days specified in this setting has passed.
Minimum Password Age is also important, because it requires users to keep their password for a certain amount of time before changing it. Without it, a smart user could figure out your system and change their password six times in a row, thus bypassing the password change and compromising your network. I recommend a Minimum Password Age of 1 day, and preferably 7 days. For Minimum Password Length, most enterprises require a minimum length of 8, or sometimes 12. The longer the password, the harder it is to crack. You should definitely enforce Password Must Meet Complexity Requirements. Doing so requires passwords to contain a capital letter, a lowercase letter, a number, and a special character. An example of this is the password: @dministrat0R (though I definitely recommend you not use that one).
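To check a machine against the values recommended above, the effective policy can be exported with secedit and compared setting by setting. The script below is an added example, not part of the original article; the function names Get-PasswordPolicyFromInf and Test-PasswordPolicy are hypothetical, and the embedded export is a constructed sample with some values deliberately outside the recommendations.

```powershell
# Constructed sample of a secedit export (not taken from a real host).
# For a live machine, run from an elevated prompt:
#   secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY
#   $inf = Get-Content "$env:TEMP\secpol.inf" -Raw
$inf = @'
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 6
'@

# Hypothetical helper: collect "Key = <integer>" lines into a hashtable.
function Get-PasswordPolicyFromInf {
    param([string]$Text)
    $policy = @{}
    foreach ($line in $Text -split "`r?`n") {
        if ($line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }
    $policy
}

# Hypothetical helper: compare each setting with the article's recommendation.
function Test-PasswordPolicy {
    param([hashtable]$Policy)
    $checks = @(
        @{ Key = 'PasswordHistorySize';   Want = '>= 6';  Ok = { param($v) $v -ge 6 } }
        @{ Key = 'MaximumPasswordAge';    Want = '30-40'; Ok = { param($v) $v -ge 30 -and $v -le 40 } }
        @{ Key = 'MinimumPasswordAge';    Want = '>= 1';  Ok = { param($v) $v -ge 1 } }
        @{ Key = 'MinimumPasswordLength'; Want = '>= 8';  Ok = { param($v) $v -ge 8 } }
        @{ Key = 'PasswordComplexity';    Want = '= 1';   Ok = { param($v) $v -eq 1 } }
    )
    foreach ($c in $checks) {
        $v = $Policy[$c.Key]
        [pscustomobject]@{
            Setting     = $c.Key
            Value       = $v
            Recommended = $c.Want
            # A setting missing from the export counts as a failure.
            Pass        = ($null -ne $v) -and (& $c.Ok $v)
        }
    }
}

Test-PasswordPolicy (Get-PasswordPolicyFromInf $inf) | Format-Table -AutoSize
```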