I'm running a Windows Server 2003 AD Environment with five workstations and one server. For security we use the built-in password requirments including:
- User must change password every 90 days
- Password must be at least 7 characters long
- Password cannot have been used within last 12 passwords
- Password must contain 3 of the follwing four items:
* Uppercase English characters
* Lowercase English characters
- Password cannot contain user name/full name
The problem is, when it comes time for a user to change their password, they can't. Any password chosen, regardless of whether it meets the complexity requirements, is denied. This only happens at a client workstation. I can set the password to ANYthing valid on the server.
When I try to change the password on the workstation, I recieve the error:
Your password must be at least 7 characters; cannot repeat any of your previous 12 passwords; must contain capitals, numberals or punctuation; and cannot contain account or full name. Please type a different password. Type password which meets these requirements in both text boxes.