I run an AD domain (Server 2003 native) with a few hundred users. I've moved all the accounts I can away from passwords over to 2 factor authentication but some people, such as devopers, need to do things that still require good old fashion passwords. For these guys I have fairly stiff password requirements (14 char, complex, remember last 10, change every 30 days etc.). However I'm still worried some some people are using passwords too easy, like keyboard walks or a short word 4 times etc. I know there are ways of using custom Ella to force stronger password requirements than windows normally supports but I don't like swapping out dlls like that. I remember an admin telling me he had something like a brute force password cracker running on his dc's and every so often it would crack an account so he could go yell at the user for using too simple of a password. I want to do something like this however to combat an actual brute force I have an ago account lockout policy of 3 I don't want to change and I don't want to keep locking out everyones accounts with the cracker. How can I do this?