Password policy

[tony]

I'm trying to change the password policy, but I have to have a specific
requirement.

I need to enforce

min of 9 characters
2 numbers
2 Uppercase letters
2 special characters

Can anyone help me out here?

 

[Roger Abell [MVP]]

You can only accomplish that specific password form by use
of a custom Winlogon gina, such as your dev staff might be able
to devised based on the MSDN sample, or such as you could
purchase from the third-party market.

 

[ANIXIS]

If you're familiar with C you can write a password filter to do this.
Microsoft even gives you a sample to get started.
http://msdn.microsoft.com/library/d...s/secmgmt/security/sample_password_filter.asp

Your needs are very simple, but take care when writing password
filters. A buggy password filter could jeopardize your network security
and/or crash your DCs.

If you would rather purchase a solution, then our Password Policy
Enforcer product will do exactly what you want without any programming.
http://www.anixis.com/products/ppe/features.htm

 

[Steven L Umbach]

If the other solutions are not what you want to do, consider using the built
in password complexity and increasing the minimum length of password to
maybe 15 characters. That will prevent storage of the password as an lm hash
and make the password extremely strong - much stronger than your current
proposal. Train users to think pass phrase instead of password and encourage
them to use spaces between words. --- Steve