Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Meeting Password Complexity Requirements on a Workstation Computer

Posted on 2004-09-04
2
Medium Priority
?
345 Views
Last Modified: 2010-04-19
I'm running a Windows Server 2003 AD Environment with five workstations and one server.  For security we use the built-in password requirments including:
 - User must change password every 90 days
 - Password must be at least 7 characters long
 - Password cannot have been used within last 12 passwords
 - Password must contain 3 of the follwing four items:
  * Uppercase English characters
  * Lowercase English characters
  * Numbers
  * Punctuation
 - Password cannot contain user name/full name

The problem is, when it comes time for a user to change their password, they can't.  Any password chosen, regardless of whether it meets the complexity requirements, is denied.  This only happens at a client workstation.  I can set the password to ANYthing valid on the server.

When I try to change the password on the workstation, I recieve the error:
 Your password must be at least 7 characters; cannot repeat any of your previous 12 passwords; must contain capitals, numberals or punctuation; and cannot contain account or full name.  Please type a different password.  Type password which meets these requirements in both text boxes.
0
Comment
Question by:lordcelerborn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 11981757
Does it let you change the password at all?
For example if you entered something like

!2S%d5zx

Does it let you change it?

What about (just in case you have made an error)

!QWE?-123lkj

(Which is three punctuation, three upper, three lower and three numbers).

You need to verify whether it is a general problem with changing password or just complexity requirements.

I will say that those requirements are quite tough - even I am not that mean to my users.
Password complexity is a difficult business. Make it too easy and compromised accounts could cause a problem. Make it too tough and you have no security as users will write them down on post it notes.

Simon.
0
 

Author Comment

by:lordcelerborn
ID: 11982110
Well, thanks to Simon's reccomendation to check that Complexity Requirements was the ONLY factor, I noticed a minimum password age of 89 days (compared to the maximum age of 90), giving users a one day password change window.

Now that I changed it, the passwords are working fine.  As far as the "harshness" of my password requirements, I partially agree.  Unfortunately, you cannot adjust the complexity requirements (the part which requires three of the four character types).  Personally I would only want two, but 2003 Server doesn't let you change it.

Thanks,
Mike
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question