Customize password complexity requirements

I want to change the password complexity requirements.
For example, I need use password:

8 lenght characters,
Required just numbers and letters lowercase or uppercase.
No allow account name
No allow my organization name
soporte_synergyAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
David Johnson, CD, MVPConnect With a Mentor OwnerCommented:
you will need a 3rd party tool to enforce what you want.  The built in solution does not have those options.

What password complexitiy does support is:

1. Not contain significant portions of the user's account name or full name.

Actually:
We look at the entire Account Name and the Full Name. We ensure that the Password does not contain the entire name of either. We also parse through the Account Name and Full Name for delimiters: commas, periods, dashes/hyphens, underscores, spaces, pound-signs and tabs. If any are found, the Account Name or Full Name are split and all sections are verified not to be included in the password. We do not check for any character or any three characters in succession.

From this Technet article:
2. Be at least six characters in length.

Actually:
Password complexity does NOT check password length.

From this Technet article:
3. Contain characters from three of the following four categories:

    English uppercase characters (A through Z)
    English lowercase characters (a through z)
    Base 10 digits (0 through 9)
    Non-alphabetic characters (for example, !, $, #, %)

Actually:
It is three of 5 categories. The four categories listed above and a catch-all category of any Unicode character that does not fall under the above four categories. This fifth category can be regionally specific.

https://blogs.technet.com/b/askds/archive/2009/05/19/understanding-password-policies.aspx

You can use fine-grained password policy if you need different policies for different accounts.
0
 
Zac HarrisSystems Administrator Commented:
Normally you would use Group Policy to accomplish this.

Here is some info for you...

from: Microsoft

1.Open Active Directory Users and Computers.

2.In the console tree, right-click the domain or organizational unit that you want to set Group Policy for.

3.Click Properties, and then click the Group Policy tab.

4.Click an entry in Group Policy Object Links to select an existing Group Policy object (GPO), and then click Edit. You can also click New to create a new GPO, and then click Edit.

5.In the console tree, click Password Policy (Group Policy Object [computer name] Policy/Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy)

6.In the details pane, right-click the policy setting that you want, and then click Properties.

7.If you are defining this policy setting for the first time, select the Define this policy setting check box.

8.Select the options that you want, and then click OK.

You will want to set: Password must meet complexity requirements and Minimum password length
0
 
McKnifeCommented:
And for a product recommendation:
http://anixis.com/products/ppe/ can do all that and much more. Simple, easy to learn, (for me) so far bug free and worth the money.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.