Solved

Customize password complexity requirements

Posted on 2014-03-06
3
251 Views
Last Modified: 2014-03-24
I want to change the password complexity requirements.
For example, I need use password:

8 lenght characters,
Required just numbers and letters lowercase or uppercase.
No allow account name
No allow my organization name
0
Comment
Question by:soporte_synergy
3 Comments
 
LVL 14

Expert Comment

by:Zac Harris
ID: 39909718
Normally you would use Group Policy to accomplish this.

Here is some info for you...

from: Microsoft

1.Open Active Directory Users and Computers.

2.In the console tree, right-click the domain or organizational unit that you want to set Group Policy for.

3.Click Properties, and then click the Group Policy tab.

4.Click an entry in Group Policy Object Links to select an existing Group Policy object (GPO), and then click Edit. You can also click New to create a new GPO, and then click Edit.

5.In the console tree, click Password Policy (Group Policy Object [computer name] Policy/Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy)

6.In the details pane, right-click the policy setting that you want, and then click Properties.

7.If you are defining this policy setting for the first time, select the Define this policy setting check box.

8.Select the options that you want, and then click OK.

You will want to set: Password must meet complexity requirements and Minimum password length
0
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 39910683
you will need a 3rd party tool to enforce what you want.  The built in solution does not have those options.

What password complexitiy does support is:

1. Not contain significant portions of the user's account name or full name.

Actually:
We look at the entire Account Name and the Full Name. We ensure that the Password does not contain the entire name of either. We also parse through the Account Name and Full Name for delimiters: commas, periods, dashes/hyphens, underscores, spaces, pound-signs and tabs. If any are found, the Account Name or Full Name are split and all sections are verified not to be included in the password. We do not check for any character or any three characters in succession.

From this Technet article:
2. Be at least six characters in length.

Actually:
Password complexity does NOT check password length.

From this Technet article:
3. Contain characters from three of the following four categories:

    English uppercase characters (A through Z)
    English lowercase characters (a through z)
    Base 10 digits (0 through 9)
    Non-alphabetic characters (for example, !, $, #, %)

Actually:
It is three of 5 categories. The four categories listed above and a catch-all category of any Unicode character that does not fall under the above four categories. This fifth category can be regionally specific.

https://blogs.technet.com/b/askds/archive/2009/05/19/understanding-password-policies.aspx

You can use fine-grained password policy if you need different policies for different accounts.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39911919
And for a product recommendation:
http://anixis.com/products/ppe/ can do all that and much more. Simple, easy to learn, (for me) so far bug free and worth the money.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hallo! I guess almost every Windows Administrator must have got stumped with this question "Where does WINDOWS store a users cached credentials? Every user who had once logged onto a Server/Desktop while it was connected to the domain could sti…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now