Solved

How can I change password complexity so that password must contain characters from all four categories

Posted on 2009-07-13
2
367 Views
Last Modified: 2012-06-21
Normally when you activate "password complexity" in a windows domain you demand that the password contains characters from three out of four categories (UPPERCASER, lowercase, numbers, numbers and non-alfabetic characters).

Is there a way to change it so that all four categories must be met?
0
Comment
Question by:Joffer
2 Comments
 
LVL 20

Assisted Solution

by:MightySW
MightySW earned 100 total points
ID: 24840979
Sorry, no.  This is complexity and you cannot enforce this on users.

This is by design.

Know you didn't want to hear this, but this is the way that it is.  Unless someone out there has some sort of non-MS .adm template to do this you cannot enforce all 4.  

In a way, this is done by the security policy.  

There may be a way to have this scripted and checked on the login script.  You might want to resubmit this under scripting.  They may have a better answer.

HTH
0
 
LVL 12

Accepted Solution

by:
Gideon7 earned 150 total points
ID: 24844126
The only solution I can think of is to write your own credential provider (CP) to enforce your custom password-complexity policy.
A good overview on writing a CP can be found at http://msdn.microsoft.com/en-us/magazine/cc163489.aspx.  See especially the discussion of a "hybrid implementation", which describes how to customize the existing default CP to fit your needs.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now