How is your password policy enforced across the organization (e.g. password complexity, age, lockout settings, # of last passwords used, etc.)?

We have a password management policy that is enforced. This defines criteria for password length, complexity, and sharing amongst other things.