Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Set Server 2012 AD password requirements to be a combination of all 4 requirements

Posted on 2016-09-12
2
Medium Priority
?
190 Views
Last Modified: 2016-09-14
A certain client would like to make it so that user Active Directory passwords have to contain characters from all four (not just three) of the following four categories (see the screenshot):

-English uppercase characters (A through Z)
- English lowercase characters (a through z)
- Base 10 digits (0 through 9)
- Non alphabetic characters (for example, !, $, #, %)

Is there a way of making it so that all Active Directory account passwords must contain characters from all 4 of these categories (instead of simply requiring only three out of the four)?

Password complexity requirements
0
Comment
Question by:Knowledgeable
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 43

Accepted Solution

by:
Adam Brown earned 1000 total points
ID: 41794520
You would have to utilize third party applications to accomplish this. Password complexity requirements are controlled by what is called a Password Filter, which is written and compiled as a DLL file that is installed on all systems that require increased or decreased password complexity requirements. You could potentially create your own password filter, but this is more complex and potentially dangerous than is warranted. https://anixis.com/default.htm has a good third party solution for allowing better customization of password policies, but in general, you're more or less stuck with what is described there when using just Windows.
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 1000 total points
ID: 41794595
I agree. Let me add: requiring all four makes, from the perspective of an attacker who is aware of this, a brute force attack easier, not harder. See http://openwall.info/wiki/john/policy
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question