Announcement

Collapse
No announcement yet.

Password must meet complexity requirements

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Password must meet complexity requirements

    Why with default options Windows Server 2008 R2 in a company.local domain I cannot set the the following admin password:

    Code:
    _50cents
    Looks like it fulfill all the following requirements:

    http://technet.microsoft.com/en-us/l...68(WS.10).aspx

    Thanks,

    Alberto

  • #2
    Re: Password must meet complexity requirements

    As you say, it meets everything, but I wonder about the leading underscore -- if you changed it to say "50<underscore>cents" would that work?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Password must meet complexity requirements

      Have you tried changing one of the letters to a capital?
      A recent poll suggests that 6 out of 7 dwarfs are not happy

      Comment


      • #4
        Re: Password must meet complexity requirements

        Shouldnt be needed
        "3 out of 4 of UPPER, lower, numbers, others"
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Password must meet complexity requirements

          Having an underscore at the beginning of a password is OK (just tried on an account). There must be another policy in place or fine grained passwords in the domain.

          Have you checked to make sure that your password policy is in a GPO linked to the domain object, with the highest priority (to ensure that another policy linked to the domain is not overriding this policy)?
          JM @ IT Training & Consulting
          http://www.itgeared.com

          Comment


          • #6
            Re: Password must meet complexity requirements

            Is this for the default admin account? If not what is the username and display name?
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com

            Comment


            • #7
              Re: Password must meet complexity requirements

              Yes, it's the DC administrator account.

              Wanted to make some more tests but I don't know where to change the admin password before expiration from a remote desktop connection. Is it possible?

              [JM] I have never changed anything on this machine, it has the standard WinSrv2008 R2 settings.

              Comment


              • #8
                Re: Password must meet complexity requirements

                what about password history? have you used that password as one of your last 3 or 5 passwords? (or whatever the history is set to).

                Comment


                • #9
                  Re: Password must meet complexity requirements

                  History should not apply if you reset the password (rather than the user setting it)
                  Tom Jones
                  MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                  PhD, MSc, FIAP, MIITT
                  IT Trainer / Consultant
                  Ossian Ltd
                  Scotland

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **

                  Comment


                  • #10
                    Re: Password must meet complexity requirements

                    That's right, I was trying to set one of my old passwords. Is it forbidden with default settings?

                    Thanks,

                    Alberto

                    Comment


                    • #11
                      Re: Password must meet complexity requirements

                      How were you setting it?
                      CTRL+ALT+DEL & "Change Password" -- would not work
                      ADUC, right click acccount, change password -- should work

                      History IIRC is 24 passwords remembered by default
                      Tom Jones
                      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                      PhD, MSc, FIAP, MIITT
                      IT Trainer / Consultant
                      Ossian Ltd
                      Scotland

                      ** Remember to give credit where credit is due and leave reputation points where appropriate **

                      Comment


                      • #12
                        Re: Password must meet complexity requirements

                        Do you mean I should keep 24 password before starting to reuse them? What are best practice in this scenario? A compromise between security and practicity...

                        Thanks,

                        Alberto
                        Last edited by devdept; 16th January 2012, 22:50.

                        Comment


                        • #13
                          Re: Password must meet complexity requirements

                          Essentially that is what MS would have you do -- you can change that through a domain level Group Policy
                          Tom Jones
                          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                          PhD, MSc, FIAP, MIITT
                          IT Trainer / Consultant
                          Ossian Ltd
                          Scotland

                          ** Remember to give credit where credit is due and leave reputation points where appropriate **

                          Comment


                          • #14
                            Re: Password must meet complexity requirements

                            I see, thanks. Normally what would you do in small company.local domains?

                            Thanks,

                            Alberto

                            Comment


                            • #15
                              Re: Password must meet complexity requirements

                              Has anyone change the default Adminstartor password requirements to require a more complex, complex password? This is 2008 R2 after all.
                              1 1 was a racehorse.
                              2 2 was 1 2.
                              1 1 1 1 race 1 day,
                              2 2 1 1 2

                              Comment

                              Working...
                              X