• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2162
  • Last Modified:

Active Directory: Customize the Password must meet complexity requirements

HI,

I am looking to customize the Password must meet complexity requirements option in AD 2003 and 2008.  

We need to take out the Non-alphabetic characters from this policy.  

does anyone know how I can change the DLL for the policy?  and do you have instruction?
0
SEHC
Asked:
SEHC
2 Solutions
 
Matt VCommented:
You change this in the group policy setting.  Usually in the default domain policy object.  Through group policy management console.
 
0
 
simonseztechCommented:
You can configure the password policy settings in the following location in the Group Policy Object Editor:

Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy

If you’re on a stand-alone machine (no AD etc) and dealing with only local accounts, you can enable/disable the policy from:

Administrative Tools -> Local Security Policy -> Account Policies -> Password Policy.

Have a look at KB from microsoft
http://technet.microsoft.com/en-us/library/cc264456.aspx
0
 
Mike KlineCommented:
So you won't just be able to take the non-alphabetic characters out.  You will have to disable password must meet complexity requirements (in the domain linked GPO that others have mentioned)
http://technet.microsoft.com/en-us/library/cc786468(WS.10).aspx 
Thanks
Mike
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
oBdACommented:
Unless you feel like writing your own passfilt.dll, you'll have to resort to 3rd-party tools like "Password Policy Enforcer" (http://www.anixis.com/products/ppe/default.htm) or "Specops Password Policy" (http://www.specopssoft.com/web/specops-password-policy.aspx).
0
 
SEHCAuthor Commented:
is there a way to write a passfitt.dll?  do you have and links I can look at?
0
 
Mike KlineCommented:
If you want to attempt to do it yourself (if you have a strong programming backgorund) start here
http://msdn.microsoft.com/en-us/library/ms721882(VS.85).aspx
 I've personally never tried it.
Thanks
Mike
0
 
oBdACommented:
An example is here (requires free registration); should still work with W2k3:
Enforce Custom Password Policies in Windows
http://www.devx.com/security/Article/21522/0/page/1

But note especially the "Before you implement" section on page 2:
"Consider the following issues before you start coding your own Password Filters:
[...]
* Expect the unexpected. Because LSA loads password filters during start-up, if something goes wrong, your system may become inoperable or go into deadlock. To avoid this, develop and test your DLLs on machines that have at least two operating systems installed.
[...]

And if you're comparing DIY with prices for a 3rd-party tool, don't forget to take into account how much it costs if your AD comes to a grinding halt because of a malfunction in the filter (and who'll have to take all the blame for it).
0
 
PberSolutions ArchitectCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now