Passwords too complex on Server 2003

John Noitargim

Hi everyone,

I have just started designing a 2k3 domain and am struggling a bit with
Microsoft's default security measures!

I found the GPO at the top level of the domain and have disabled the policy
demanding complex passwords but it will still not let me type 'weak'
passwords!! Have I missed anything? I don't mind the length or history
changes but need to get rid of the default 'complexity' rules!

Many thanks,

J
 
You can't disable the GPO Default Domain Policy to disable complexity
passwords; within this policy you have set a setting to disable complexity
passwords. I personally do not recommend that you turn off complexity
passwords.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
 
Thanks Chris,

I know how good complex passwords are but the question is how technical are
your users??

I do not fancy upset users with post-it notes on their monitor because their
password is too complex!

J
 
John,
You are absolutely correct stating that too restrictive password policies
can have a negative effect - if a user cannot remember a password (s)he will
write it down. But...
The requirements you mentioned are not too complex. You can easily create
passwords that comply with those requirements and can still be easily remembered.
All you need is to teach your users how to create such passwords. The
technique is quite simple. Let's take your surname (if you don't mind :) )
and see where we can put all those numbers and special characters. I ended
up with this: n0!Ta_greEm
This password contains lower and upper letters, numbers and special
characters. How difficult will it be for you to remember such a password? :)
Though I can't say that this is a strong password, it is much better than
plain "Noitargim" anyway. I'm sure your users can easily be taught to use
such an approach.


Al.
 
Pa55w0rd


;-)

--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


 
Pa55w0rd

Yup, even this obviously weak password which is prone to a hybrid dictionary
attack will have no problems with Windows' complexity requirements policy.

Al.

P.S. How about Pa7s(2*v)orD ?
:o)
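
The point made in the post above, as an added example that is not part of the original thread or any poster's code: a simplified approximation of the documented Windows complexity rule next to a substitution-aware dictionary lookup of the kind a password audit or filter can apply. The word list, the substitution table and the account name `jnoitargim` are constructed assumptions.

```python
import re

# Constructed sample word list; a real audit would load a large dictionary.
WORDLIST = {"password", "cheese", "welcome", "letmein"}

# Common character substitutions undone before the lookup (assumed set).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def meets_windows_complexity(password, account_name="", full_name=""):
    """Approximation of the 'must meet complexity requirements' rule:
    6+ characters, 3 of 4 character classes, no account/full-name tokens."""
    if len(password) < 6:
        return False
    classes = [
        any(c.isascii() and c.isupper() for c in password),
        any(c.isascii() and c.islower() for c in password),
        any(c.isascii() and c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < 3:
        return False
    lowered = password.lower()
    # The account name is checked whole; the full name is split into tokens.
    tokens = [account_name] + re.split(r"[,.\-_ #\t]+", full_name)
    return not any(len(t) >= 3 and t.lower() in lowered for t in tokens)

def dictionary_hits(password):
    """Word-list entries found once common substitutions are undone."""
    normalized = password.lower().translate(LEET)
    return sorted(w for w in WORDLIST if w in normalized)

def audit(password, account_name="", full_name=""):
    """Report both checks side by side for one candidate password."""
    return {
        "complexity_ok": meets_windows_complexity(password, account_name, full_name),
        "dictionary_hits": dictionary_hits(password),
    }

if __name__ == "__main__":
    # Candidate passwords taken from the thread; the account name is hypothetical.
    for pw in ["Pa55w0rd", "1LoveCh33se", "n0!Ta_greEm", "Noitargim"]:
        print(pw, audit(pw, account_name="jnoitargim", full_name="John Noitargim"))
```

An empty `dictionary_hits` list only means the small sample word list did not match; it says nothing about the password's strength.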
 
Pa7s(2*v)orD

Forget post-it notes...some of my users would need that tattooed on them!!!
;-)


--

Paul Williams

Alexander Suhovey said:

Yup, even this obviously weak password which is prone to a hybrid dictionary
attack will have no problems with Windows' complexity requirements policy.

Al.

P.S. How about Pa7s(2*v)orD ?
:o)
 
The trick with this is that users do not need to remember some ugly long
barely readable password. They just need to remember how they created it.
Which is much simpler. 7 is because of first letter of "seven", 2*v = w.
Isn't it simple?..
The result is looking too complex? Who cares...

Al.
 
Instead of calling them passwords in front of the users, we call them
passphrases. A phrase or sentence is easy to remember and difficult to
brute force.
 
Something like "1LoveCh33se" eh? ;-)

--

Paul Williams
