Setting password complexity requirements

[RSPD]

HI I am trying top establish a stronger password policy, and I cant seem to
find out where I can define the password complexity patterns. I see where I
can enable complexity requirements, set length, history and expiration. But
were do you define them.



Thanks in advance.

 

[Joe Richards [MVP]]

You can't natively. Your options are

1. Write your own custom filter and compile it and load it and register it
2. Purchase a third party filter that allows you to specify what exactly you want.

 

[Bob Hatcher]

Start\Programs\Administrative Tools\Domain Security Policy\Account
Policy\Password Policy

 

[Emerald]

Password complexity has, by design, these restrictions:

is at least x characters;
has not been used in the previous x passwords;
does not contain your account or full name;
contains at least three of the following four character
groups:

English uppercase characters (A through Z);
English lowercase characters (a through z);
Numerals (0 through 9);
Non-alphabetic characters (such as !, $, #, %)

and if a user doesn't enter a new password correctly, they
should get an error message on their screen explaining
exactly the above. If they don't, try this hot fix:
http://support.microsoft.com/default.aspx?scid=kb;en-
us;821425

 

[ss]

Thanks



In the Domains Password Policy

I see that you can set the; History, Length and Age of the password.



I assume that when you enable the complexity requirements the, this would
set the other items you were stating.

So that the password would not contain your account or full name and would
contain English uppercase characters (A through Z); English lowercase
characters (a through z); Numerals (0 through 9); Non-alphabetic characters
(such as !, $, #, %) and if a user doesn't enter a new password correctly.



BUT, assume be the key word. Can I set what pattern; ie: the Numerals can't
be at the end of the Password or the uppercase characters can't start the
password.





In addition, if they error on the entree, they should get an error message
on their screen explaining the above



Can I omit the warning? I could assist in hacking the password.



-- RSPD

 

[Guest]

Where can I get the Hotfix for this issue? The KB article only talks about a fix, but provides no link to download it.

 

[Cary Shultz [A.D. MVP]]

MDS,

Please post the link to the MSKB Article. Since I am not immediately aware
of to which article you are referring I can only assume that there is a link
in the middle of the page that will take you to the list of phone numbers to
contact MS Support. Call the number and refer to the MSKB Article and they
will most likely e-mail you the information that you need. In all
probability the file will be zipped and password protected. You should give
them a valid e-mail address and have WinZip - or whatever other utility that
might be available - on the machine where you will receive the e-mail.

HTH,

Cary

Where can I get the Hotfix for this issue? The KB article only talks

about a fix, but provides no link to download it.

 

[Matjaz Ladava [MVP]]

Can you be more specific on what is the problem. If you have a problem
disabling password complexity requirements on Windows Server 2003 AD, then
you have to edit Domain Security Policy, and set Password Must meet
complexity requirements to disabled and minimum password length. Run
gpupdate after that.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com

Where can I get the Hotfix for this issue? The KB article only talks

about a fix, but provides no link to download it.