Windows 2003 AD Password complexity

I have a Windows 2003 functional level domain. I need to set up password complexity which is higher than the default settings below:
          "Password Must Meet Complexity Requirements – This setting, when enabled, determines whether passwords must meet complexity requirements. Enabling this is highly recommended. Complexity Requirements are as follows:
          - Cannot contain all or part of the username
          - Must be at least 6 characters long
          - Contain 3 of the 4 following character groups
               – A to Z
               – a to z
               – 0 to 9
               – Special Characters i.e. ! ^ $ * "

Basically I need ALL 4 requirements stated above including a minimum of 8 characters, caps, lower case, numerical and symbol. Is this possible?

padraic Carron, IT Security, Asked:
Mike Kline Commented:
Even in 2008 you can't do it natively (it is 3 of 5 in

There are third party tools like Specops and others that can help. Some places roll out their own filter (not easy and not recommended)


Mohammed Khawaja, Manager - Infrastructure: Information Technology, Commented:
You cannot.  Windows 2003 does not allow granular password policy.  For that you need 2008 or higher.
Also please become aware of the fact that enforcing 4/4 means to massively reduce the keyspace, making brute force attacks easier, not harder! Yes, you read right, please read
(This of course relies on the assumption that an attacker would know what password policies are enforced)

So 3/4 is reasonable.
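To put numbers on the keyspace point raised in the last comment, this added example (not part of the original thread) counts fixed-length passwords allowed under the 3-of-4 and 4-of-4 rules by inclusion-exclusion. The class sizes (26 upper, 26 lower, 10 digits, 33 printable ASCII symbols) and the fixed length of 8 are assumptions.

```python
from itertools import combinations
from math import log2

# Assumed class sizes: A-Z, a-z, 0-9 and the 33 printable ASCII symbols
# (space included). The thread itself gives no alphabet size.
CLASSES = {"upper": 26, "lower": 26, "digit": 10, "symbol": 33}


def count_using_all(sizes, length):
    """Strings of `length` drawn only from the given classes that use
    every one of them at least once (inclusion-exclusion)."""
    sizes = list(sizes)
    total = 0
    for k in range(len(sizes) + 1):
        for dropped in combinations(sizes, k):
            total += (-1) ** k * (sum(sizes) - sum(dropped)) ** length
    return total


def keyspace(length, min_classes, classes=CLASSES):
    """Passwords of exactly `length` characters that contain characters
    from at least `min_classes` of the classes."""
    sizes = list(classes.values())
    return sum(
        count_using_all(subset, length)
        for k in range(min_classes, len(sizes) + 1)
        for subset in combinations(sizes, k)
    )


def compare(length=8):
    """Keyspace under no rule, the 3-of-4 rule and the 4-of-4 rule."""
    three, four = keyspace(length, 3), keyspace(length, 4)
    return {
        "unrestricted": sum(CLASSES.values()) ** length,
        "3_of_4": three,
        "4_of_4": four,
        "bits_lost_3_to_4": log2(three / four),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>18}: {value:.4g}")
```

The `bits_lost_3_to_4` value is the entropy an attacker who knows the policy saves when 4-of-4 is enforced instead of 3-of-4 at the same length.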