Announcement

Collapse
No announcement yet.

Adjusting Compexity requrements.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Adjusting Compexity requrements.

    Ok, so I finally got permission to turn on the Passwords Must Meet Complexity Requirements part of the GP on my AD. The problem is the the powers that be would like it a little less complex. IE: only use 2 of the 4 categories instead of the default 3 of 4. To top it all off another business unit has been able to set theirs this way so I need to find away to do it as well.

    Ok so Specs. I'm running AD at 2000 level. Need to jump through a few more hoops before I can Raise the level to 2003. When I look at AD for the Passwords Must Meet Complexity Requirements section of the GP I have only one option ... I can define it as Enabled or Disabled. Is there someplace else in the GP to change the requirements. It would be nice to have a definitive answer even if it ends up being that you can't do it in 2000.

    Oh, and just for reference,The other BU has been raised to 2003.

    Let me know if you need any clarification of what i'm asking. It's been a long day here in IT.

  • #2
    Re: Adjusting Compexity requrements.

    From http://technet2.microsoft.com/window....mspx?mfr=true:

    The rules that are included in the Windows Server 2003 password complexity requirements are part of Passfilt.dll and cannot be directly modified. The possible values for this Group Policy setting are:

    • Enabled.

    • Disabled.

    • Not defined.



    I think the same can be applied to Windows2000.

    Are you sure in the other OU the rules are changed somehow ?

    Regards,
    Hace a nice day,

    Simone Chemelli
    MCP (Exchange 2003)

    (This post is provided as-is with no warranties, expressed or otherwise, and confers no rights.)

    Comment


    • #3
      Re: Adjusting Compexity requrements.

      With the default Windows Server 2003 or Windows 2000, you cannot adjust the complexity requirements. They are either on or they are off. If they are on:

      Passwords must be a minimum of 8 characters.
      It must contain 3 of the four types of character. The four types are: letters, upper case letters, numbers and punctuation characters.
      It must not contain any 3 characters in succession from your name or user name.
      It must not contain more than two of the same character in succession.
      It must not be any of your (x) previous passwords. (x) can be changed in security policy.

      This is a good password which meets the requirements: deD1c4t.ed (even better is Od7cm.p4h - it's not based on a word.)
      This is a poor password which nevertheless meets the requirements: Computer.
      This is a poor password which does not: newcastle444


      Tom
      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you

      Comment


      • #4
        Re: Adjusting Compexity requrements.

        p.s. it is possible to install a replacement (third party) passflt.dll but I would not recommend it; and I have to wonder if Microsoft would support your system with it installed. It would have to be installed I believe on all Windows systems in the Forest.


        Tom
        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

        Anything you say will be misquoted and used against you

        Comment


        • #5
          Re: Adjusting Compexity requrements.

          Thanks. I figured this was the answer but I wanted to get a few more thoughts on it. I'm wondering what they did to get it to work. I can't imagine they would have used a 3rd party product. I'm just waiting for the rally of ... this is too hard fix it.

          Comment

          Working...
          X