Question about "Password must meet complexity requirements" in GP

Posted on 2009-02-11
Last Modified: 2013-12-04
Our current password policies at our organization or not as strong as we would like them. We would like to empliment the GPO setting (Password must meet complexity requirements). We know how to do this, however we don't know how it will behave after we switch it on. For example,

1. Will it prompt users right away (the ones that don't meet password complexity requirements) to change at next logon?

2. before we switch it on could we "pre" change users passwords to meet the requirements before deployment? This way we could somewhat control the amount of helpdesk phone calls we recieve. If we do this will the setting wipe out the passwords that we just set (the ones that meet the complexity requirements.?

Question by:tludl880
    LVL 82

    Accepted Solution

    1. Enabling the policy will have no influence on existing passwords; there is no way to determine whether an existing passwords meets any complexity requirements, because only a hash is stored, not the password itself.
    The only thing that will have an influence is the "Password expires after"; passwords that haven't been changed for more than the number of days will expire as soon as the policy is enabled.
    2. Since existing passwords aren't checked against the requirements, there's no need for that. You should, however, inform your users about the new requirements.
    LVL 31

    Expert Comment

    by:Toni Uranjek
    1. No, users will have to change their passwords after their passwords expire.
    2. I don't quite understand this part of your question. ;)

    Complex password are not the key to security, you would be way ahead of the game with longer pasphrases. Any simple phrase (for example phrase/sentence with 15 characters) is better than 8 characters random generated password.

    Author Closing Comment

    thanks for the help will do!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
    Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now