Solved

Set Server 2012 AD password requirements to be a combination of all 4 requirements

Posted on 2016-09-12
2
52 Views
Last Modified: 2016-09-14
A certain client would like to make it so that user Active Directory passwords have to contain characters from all four (not just three) of the following four categories (see the screenshot):

-English uppercase characters (A through Z)
- English lowercase characters (a through z)
- Base 10 digits (0 through 9)
- Non alphabetic characters (for example, !, $, #, %)

Is there a way of making it so that all Active Directory account passwords must contain characters from all 4 of these categories (instead of simply requiring only three out of the four)?

Password complexity requirements
0
Comment
Question by:Knowledgeable
2 Comments
 
LVL 38

Accepted Solution

by:
Adam Brown earned 250 total points
ID: 41794520
You would have to utilize third party applications to accomplish this. Password complexity requirements are controlled by what is called a Password Filter, which is written and compiled as a DLL file that is installed on all systems that require increased or decreased password complexity requirements. You could potentially create your own password filter, but this is more complex and potentially dangerous than is warranted. https://anixis.com/default.htm has a good third party solution for allowing better customization of password policies, but in general, you're more or less stuck with what is described there when using just Windows.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 41794595
I agree. Let me add: requiring all four makes, from the perspective of an attacker who is aware of this, a brute force attack easier, not harder. See http://openwall.info/wiki/john/policy
0

Join & Write a Comment

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now