Solved

Meeting Password Complexity Requirements on a Workstation Computer

Posted on 2004-09-04
2
336 Views
Last Modified: 2010-04-19
I'm running a Windows Server 2003 AD Environment with five workstations and one server.  For security we use the built-in password requirments including:
 - User must change password every 90 days
 - Password must be at least 7 characters long
 - Password cannot have been used within last 12 passwords
 - Password must contain 3 of the follwing four items:
  * Uppercase English characters
  * Lowercase English characters
  * Numbers
  * Punctuation
 - Password cannot contain user name/full name

The problem is, when it comes time for a user to change their password, they can't.  Any password chosen, regardless of whether it meets the complexity requirements, is denied.  This only happens at a client workstation.  I can set the password to ANYthing valid on the server.

When I try to change the password on the workstation, I recieve the error:
 Your password must be at least 7 characters; cannot repeat any of your previous 12 passwords; must contain capitals, numberals or punctuation; and cannot contain account or full name.  Please type a different password.  Type password which meets these requirements in both text boxes.
0
Comment
Question by:lordcelerborn
2 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 11981757
Does it let you change the password at all?
For example if you entered something like

!2S%d5zx

Does it let you change it?

What about (just in case you have made an error)

!QWE?-123lkj

(Which is three punctuation, three upper, three lower and three numbers).

You need to verify whether it is a general problem with changing password or just complexity requirements.

I will say that those requirements are quite tough - even I am not that mean to my users.
Password complexity is a difficult business. Make it too easy and compromised accounts could cause a problem. Make it too tough and you have no security as users will write them down on post it notes.

Simon.
0
 

Author Comment

by:lordcelerborn
ID: 11982110
Well, thanks to Simon's reccomendation to check that Complexity Requirements was the ONLY factor, I noticed a minimum password age of 89 days (compared to the maximum age of 90), giving users a one day password change window.

Now that I changed it, the passwords are working fine.  As far as the "harshness" of my password requirements, I partially agree.  Unfortunately, you cannot adjust the complexity requirements (the part which requires three of the four character types).  Personally I would only want two, but 2003 Server doesn't let you change it.

Thanks,
Mike
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now