Windows 2008R2 ADDS :Deny some word in password policy

Georges Orwell
Georges Orwell used Ask the Experts™
on
Hi all,

I have forest with only one domain with 6 dc  (3 2008R2 and 3 2012R2).
I have a big  problem with the password policy and users wich they are able to choose password with corporate name.
There is a way to deny a liste of password in Domain Security Policy or elsewhere.

Thanks

0rwell
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Systems engineer
Top Expert 2008
Commented:
Builtin complex password requirement will restrict users from using passwords that contain words from displayName. If entering company name in display name like "John Doe Company", the user will not be able to use any of those words.
https://technet.microsoft.com/en-us/library/cc786468(v=ws.10).aspx

If you want more control of the passwords than the builtin complex feature, you need to find a third party passfilt solution. nFront security looks to do what you want.
http://nfrontsecurity.com/products/nfront-password-filter/
Will SzymkowskiSenior Solution Architect
Most Valuable Expert 2015
Top Expert 2015

Commented:
There is NO way natively to restrict what password phrases are used by a user. As stated Windows has built in mechanisms that will not allow part of the users name etc. But to specifically deny a specific word is not acheivable, natively.

Will.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial