[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Customize password complexity requirements

Posted on 2014-03-06
3
Medium Priority
?
270 Views
Last Modified: 2014-03-24
I want to change the password complexity requirements.
For example, I need use password:

8 lenght characters,
Required just numbers and letters lowercase or uppercase.
No allow account name
No allow my organization name
0
Comment
Question by:soporte_synergy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 14

Expert Comment

by:Zac Harris
ID: 39909718
Normally you would use Group Policy to accomplish this.

Here is some info for you...

from: Microsoft

1.Open Active Directory Users and Computers.

2.In the console tree, right-click the domain or organizational unit that you want to set Group Policy for.

3.Click Properties, and then click the Group Policy tab.

4.Click an entry in Group Policy Object Links to select an existing Group Policy object (GPO), and then click Edit. You can also click New to create a new GPO, and then click Edit.

5.In the console tree, click Password Policy (Group Policy Object [computer name] Policy/Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy)

6.In the details pane, right-click the policy setting that you want, and then click Properties.

7.If you are defining this policy setting for the first time, select the Define this policy setting check box.

8.Select the options that you want, and then click OK.

You will want to set: Password must meet complexity requirements and Minimum password length
0
 
LVL 83

Accepted Solution

by:
David Johnson, CD, MVP earned 1000 total points
ID: 39910683
you will need a 3rd party tool to enforce what you want.  The built in solution does not have those options.

What password complexitiy does support is:

1. Not contain significant portions of the user's account name or full name.

Actually:
We look at the entire Account Name and the Full Name. We ensure that the Password does not contain the entire name of either. We also parse through the Account Name and Full Name for delimiters: commas, periods, dashes/hyphens, underscores, spaces, pound-signs and tabs. If any are found, the Account Name or Full Name are split and all sections are verified not to be included in the password. We do not check for any character or any three characters in succession.

From this Technet article:
2. Be at least six characters in length.

Actually:
Password complexity does NOT check password length.

From this Technet article:
3. Contain characters from three of the following four categories:

    English uppercase characters (A through Z)
    English lowercase characters (a through z)
    Base 10 digits (0 through 9)
    Non-alphabetic characters (for example, !, $, #, %)

Actually:
It is three of 5 categories. The four categories listed above and a catch-all category of any Unicode character that does not fall under the above four categories. This fifth category can be regionally specific.

https://blogs.technet.com/b/askds/archive/2009/05/19/understanding-password-policies.aspx

You can use fine-grained password policy if you need different policies for different accounts.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 39911919
And for a product recommendation:
http://anixis.com/products/ppe/ can do all that and much more. Simple, easy to learn, (for me) so far bug free and worth the money.
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes how to set permissions to allow a limited-permissions user to start and stop a particular System Service.   It is always best to give users only the permissions that they need to perform their job, so tweaking particular permi…
Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question