Active Directory: Customize the Password must meet complexity requirements

Posted on 2010-09-01
Last Modified: 2012-05-10

I am looking to customize the Password must meet complexity requirements option in AD 2003 and 2008.  

We need to take out the Non-alphabetic characters from this policy.  

Does anyone know how I can change the DLL for the policy? And do you have instructions?
Question by:SEHC
LVL 22

Expert Comment

by:Matt V
ID: 33578226
You change this in the group policy setting, usually in the default domain policy object, through the Group Policy Management Console.

Expert Comment

ID: 33578233
You can configure the password policy settings in the following location in the Group Policy Object Editor:

Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy

If you’re on a stand-alone machine (no AD etc) and dealing with only local accounts, you can enable/disable the policy from:

Administrative Tools -> Local Security Policy -> Account Policies -> Password Policy.

Have a look at the KB from Microsoft
LVL 57

Accepted Solution

Mike Kline earned 250 total points
ID: 33578537
So you won't just be able to take the non-alphabetic characters out.  You will have to disable password must meet complexity requirements (in the domain linked GPO that others have mentioned) 
LVL 83

Assisted Solution

oBdA earned 250 total points
ID: 33578863
Unless you feel like writing your own passfilt.dll, you'll have to resort to 3rd-party tools like "Password Policy Enforcer" or "Specops Password Policy".


Author Comment

ID: 33579090
Is there a way to write a passfilt.dll? Do you have any links I can look at?
LVL 57

Expert Comment

by:Mike Kline
ID: 33579129
If you want to attempt to do it yourself (if you have a strong programming background), start here
 I've personally never tried it.
LVL 83

Expert Comment

ID: 33579279
An example is here (requires free registration); should still work with W2k3:
Enforce Custom Password Policies in Windows

But note especially the "Before you implement" section on page 2:
"Consider the following issues before you start coding your own Password Filters:
* Expect the unexpected. Because LSA loads password filters during start-up, if something goes wrong, your system may become inoperable or go into deadlock. To avoid this, develop and test your DLLs on machines that have at least two operating systems installed.

And if you're comparing DIY with prices for a 3rd-party tool, don't forget to take into account how much it costs if your AD comes to a grinding halt because of a malfunction in the filter (and who'll have to take all the blame for it).
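As an added example (not code from this thread or from the linked article): the three exports a custom password filter DLL provides, enforcing an assumed rule of at least 8 characters with one uppercase and one lowercase letter and no non-alphabetic requirement. `MIN_CHARS`, `meets_policy` and the non-Windows stand-in types are hypothetical names introduced here; the code does no I/O or allocation, in line with the start-up warning quoted above.

```c
/* Added example, not from the thread. Export the three functions via a .def file. */
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <ntsecapi.h>            /* UNICODE_STRING, NTSTATUS */
#else                            /* stand-in types so the check builds off Windows */
#include <stdint.h>
typedef uint16_t WCHAR;
typedef unsigned char BOOLEAN; typedef unsigned long ULONG; typedef long NTSTATUS;
typedef struct { uint16_t Length, MaximumLength; WCHAR *Buffer; } UNICODE_STRING, *PUNICODE_STRING;
#define TRUE 1
#define FALSE 0
#define NTAPI
#endif

#define MIN_CHARS 8              /* hypothetical policy value */

/* 1 if pw has >= MIN_CHARS UTF-16 units, one A-Z and one a-z.
   Digits and symbols are accepted but not required. */
static int meets_policy(const UNICODE_STRING *pw)
{
    size_t i, n;
    int upper = 0, lower = 0;
    if (pw == NULL || pw->Buffer == NULL) return 0;  /* never dereference blindly inside LSA */
    n = pw->Length / sizeof(WCHAR);  /* Length is in bytes; Buffer need not be NUL-terminated */
    for (i = 0; i < n; i++) {
        WCHAR c = pw->Buffer[i];
        if (c >= 'A' && c <= 'Z') upper = 1;
        else if (c >= 'a' && c <= 'z') lower = 1;
    }
    return n >= MIN_CHARS && upper && lower;
}

/* Called once when LSA loads the DLL at start-up: nothing here that can block or fail. */
BOOLEAN NTAPI InitializeChangeNotify(void) { return TRUE; }

/* Called after a change is committed. The password is not stored, logged or forwarded. */
NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, PUNICODE_STRING NewPassword)
{
    (void)UserName; (void)RelativeId; (void)NewPassword;
    return 0;                        /* STATUS_SUCCESS */
}

/* Called for every proposed password: TRUE accepts it, FALSE rejects it. */
BOOLEAN NTAPI PasswordFilter(PUNICODE_STRING AccountName, PUNICODE_STRING FullName, PUNICODE_STRING Password, BOOLEAN SetOperation)
{
    (void)AccountName; (void)FullName; (void)SetOperation;
    return meets_policy(Password) ? TRUE : FALSE;
}
```

A custom filter is consulted in addition to the built-in complexity rule, so that setting still has to be disabled as described in the accepted solution for this rule to be the effective one.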
LVL 26

Expert Comment

ID: 34532803
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.


Question has a verified solution.
