Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Active Directory: Customize the Password must meet complexity requirements

Posted on 2010-09-01
9
Medium Priority
?
2,119 Views
Last Modified: 2012-05-10
HI,

I am looking to customize the Password must meet complexity requirements option in AD 2003 and 2008.  

We need to take out the Non-alphabetic characters from this policy.  

does anyone know how I can change the DLL for the policy?  and do you have instruction?
0
Comment
Question by:SEHC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 33578226
You change this in the group policy setting.  Usually in the default domain policy object.  Through group policy management console.
 
0
 
LVL 7

Expert Comment

by:simonseztech
ID: 33578233
You can configure the password policy settings in the following location in the Group Policy Object Editor:

Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy

If you’re on a stand-alone machine (no AD etc) and dealing with only local accounts, you can enable/disable the policy from:

Administrative Tools -> Local Security Policy -> Account Policies -> Password Policy.

Have a look at KB from microsoft
http://technet.microsoft.com/en-us/library/cc264456.aspx
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1000 total points
ID: 33578537
So you won't just be able to take the non-alphabetic characters out.  You will have to disable password must meet complexity requirements (in the domain linked GPO that others have mentioned)
http://technet.microsoft.com/en-us/library/cc786468(WS.10).aspx 
Thanks
Mike
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 85

Assisted Solution

by:oBdA
oBdA earned 1000 total points
ID: 33578863
Unless you feel like writing your own passfilt.dll, you'll have to resort to 3rd-party tools like "Password Policy Enforcer" (http://www.anixis.com/products/ppe/default.htm) or "Specops Password Policy" (http://www.specopssoft.com/web/specops-password-policy.aspx).
0
 
LVL 4

Author Comment

by:SEHC
ID: 33579090
is there a way to write a passfitt.dll?  do you have and links I can look at?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33579129
If you want to attempt to do it yourself (if you have a strong programming backgorund) start here
http://msdn.microsoft.com/en-us/library/ms721882(VS.85).aspx
 I've personally never tried it.
Thanks
Mike
0
 
LVL 85

Expert Comment

by:oBdA
ID: 33579279
An example is here (requires free registration); should still work with W2k3:
Enforce Custom Password Policies in Windows
http://www.devx.com/security/Article/21522/0/page/1

But note especially the "Before you implement" section on page 2:
"Consider the following issues before you start coding your own Password Filters:
[...]
* Expect the unexpected. Because LSA loads password filters during start-up, if something goes wrong, your system may become inoperable or go into deadlock. To avoid this, develop and test your DLLs on machines that have at least two operating systems installed.
[...]

And if you're comparing DIY with prices for a 3rd-party tool, don't forget to take into account how much it costs if your AD comes to a grinding halt because of a malfunction in the filter (and who'll have to take all the blame for it).
0
 
LVL 26

Expert Comment

by:Pber
ID: 34532803
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question