Solved

Customize password complexity requirements

Posted on 2014-03-06
3
252 Views
Last Modified: 2014-03-24
I want to change the password complexity requirements.
For example, I need use password:

8 lenght characters,
Required just numbers and letters lowercase or uppercase.
No allow account name
No allow my organization name
0
Comment
Question by:soporte_synergy
3 Comments
 
LVL 14

Expert Comment

by:Zac Harris
ID: 39909718
Normally you would use Group Policy to accomplish this.

Here is some info for you...

from: Microsoft

1.Open Active Directory Users and Computers.

2.In the console tree, right-click the domain or organizational unit that you want to set Group Policy for.

3.Click Properties, and then click the Group Policy tab.

4.Click an entry in Group Policy Object Links to select an existing Group Policy object (GPO), and then click Edit. You can also click New to create a new GPO, and then click Edit.

5.In the console tree, click Password Policy (Group Policy Object [computer name] Policy/Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy)

6.In the details pane, right-click the policy setting that you want, and then click Properties.

7.If you are defining this policy setting for the first time, select the Define this policy setting check box.

8.Select the options that you want, and then click OK.

You will want to set: Password must meet complexity requirements and Minimum password length
0
 
LVL 79

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 39910683
you will need a 3rd party tool to enforce what you want.  The built in solution does not have those options.

What password complexitiy does support is:

1. Not contain significant portions of the user's account name or full name.

Actually:
We look at the entire Account Name and the Full Name. We ensure that the Password does not contain the entire name of either. We also parse through the Account Name and Full Name for delimiters: commas, periods, dashes/hyphens, underscores, spaces, pound-signs and tabs. If any are found, the Account Name or Full Name are split and all sections are verified not to be included in the password. We do not check for any character or any three characters in succession.

From this Technet article:
2. Be at least six characters in length.

Actually:
Password complexity does NOT check password length.

From this Technet article:
3. Contain characters from three of the following four categories:

    English uppercase characters (A through Z)
    English lowercase characters (a through z)
    Base 10 digits (0 through 9)
    Non-alphabetic characters (for example, !, $, #, %)

Actually:
It is three of 5 categories. The four categories listed above and a catch-all category of any Unicode character that does not fall under the above four categories. This fifth category can be regionally specific.

https://blogs.technet.com/b/askds/archive/2009/05/19/understanding-password-policies.aspx

You can use fine-grained password policy if you need different policies for different accounts.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39911919
And for a product recommendation:
http://anixis.com/products/ppe/ can do all that and much more. Simple, easy to learn, (for me) so far bug free and worth the money.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article covers how to install the Microsoft Windows Operating System (OS). What is covered in this article:  > Different Versions and Editions of the Windows OS  > Upgrading versus Fresh Installation of the OS           - Steps to take pr…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question