Windows 2003 AD Password complexity

Hi,
I have a windows 2003 functional level domain. I need to setup password complexity which is higher that the default settings below:
          "Password Must Meet Complexity Requirements – This setting, when enabled, determines whether passwords must meet complexity requirements. Enabling this is highly recommended. Complexity Requirements are as follows: -Cannot contain all or part of the username -Must be at least 6 characters long -Contain 3 of the 4 following character groups      – A to Z      – a to z      – 0 to 9      – Special Characters i.e. ! ^ $ * "

Basically I need ALL 4 requirements stated above including a minimum of 8 Characters, Caps, Lower case Numerical and symbol. Is this possible ?

Thanks
padraic CarronIT SecurityAsked:
Who is Participating?
 
Mike KlineCommented:
Even in 2008 you can't do it natively (it is 3 of 5 in https://technet.microsoft.com/en-us/library/cc786468%28v=ws.10%29.aspx)

There are third party tools like specops and others that can help.  Some places rollout their own filter (not easy and not recommended)

Thanks

Mike
0
 
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
You cannot.  Windows 2003 does not allow granular password policy.  For that you need 2008 or higher.
0
 
McKnifeCommented:
Also please become aware of the fact that enforcing 4/4 means to massively reduce the keyspace, making brute force attacks easier, not harder! Yes, you read right, please read http://openwall.info/wiki/john/policy
(This of course relies on the assumption that an attacker would know what password policies are enforced)

So 3/4 is reasonable.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.