?
Solved

Meeting Password Complexity Requirements on a Workstation Computer

Posted on 2004-09-04
2
Medium Priority
?
346 Views
Last Modified: 2010-04-19
I'm running a Windows Server 2003 AD Environment with five workstations and one server.  For security we use the built-in password requirments including:
 - User must change password every 90 days
 - Password must be at least 7 characters long
 - Password cannot have been used within last 12 passwords
 - Password must contain 3 of the follwing four items:
  * Uppercase English characters
  * Lowercase English characters
  * Numbers
  * Punctuation
 - Password cannot contain user name/full name

The problem is, when it comes time for a user to change their password, they can't.  Any password chosen, regardless of whether it meets the complexity requirements, is denied.  This only happens at a client workstation.  I can set the password to ANYthing valid on the server.

When I try to change the password on the workstation, I recieve the error:
 Your password must be at least 7 characters; cannot repeat any of your previous 12 passwords; must contain capitals, numberals or punctuation; and cannot contain account or full name.  Please type a different password.  Type password which meets these requirements in both text boxes.
0
Comment
Question by:lordcelerborn
2 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 11981757
Does it let you change the password at all?
For example if you entered something like

!2S%d5zx

Does it let you change it?

What about (just in case you have made an error)

!QWE?-123lkj

(Which is three punctuation, three upper, three lower and three numbers).

You need to verify whether it is a general problem with changing password or just complexity requirements.

I will say that those requirements are quite tough - even I am not that mean to my users.
Password complexity is a difficult business. Make it too easy and compromised accounts could cause a problem. Make it too tough and you have no security as users will write them down on post it notes.

Simon.
0
 

Author Comment

by:lordcelerborn
ID: 11982110
Well, thanks to Simon's reccomendation to check that Complexity Requirements was the ONLY factor, I noticed a minimum password age of 89 days (compared to the maximum age of 90), giving users a one day password change window.

Now that I changed it, the passwords are working fine.  As far as the "harshness" of my password requirements, I partially agree.  Unfortunately, you cannot adjust the complexity requirements (the part which requires three of the four character types).  Personally I would only want two, but 2003 Server doesn't let you change it.

Thanks,
Mike
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
How can you see what you are working on when you want to see it while you to save a copy? Add a "Save As" icon to the Quick Access Toolbar, or QAT. That way, when you save a copy of a query, form, report, or other object you are modifying, you…
Planning to migrate your EDB file(s) to a new or an existing Outlook PST file? This video will guide you how to convert EDB file(s) to PST. Besides this, it also describes, how one can easily search any item(s) from multiple folders or mailboxes…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question