2 out of 4 password complexity requirements?

humbletech99 · #1 12-04-2007, 01:49 PM

I have a Windows 2003 Active Directory domain and am trying to increase the password complexity requirements.

However, it seems as though the password complexity requirements are an all or nothing setting. Either I can choose to have no password complexity enforced or users must use 3 out of the 4 character types which is actually pretty difficult to think up, remember and not write down etc.

Is there a way that I can enforce password creation of passwords that meet 2 out of 4 of the character types? (ie any 2 out of the 4 of lowercase, uppercase, numbers and symbols)

Monty007 · #2 12-18-2007, 03:43 AM

Hi, not that I know, what I do is a combination of 3, so lets say the password is a name, "snowy" with password complexity on it may become..."S1nowy1" so capitals and numbers are ok in a combination.

DaveC2003 · #3 12-18-2007, 05:47 AM

Have you used Group Policy?

You can create a group policy that can make the complexity of passwords as difficult or easy as you like.

You can even lock out accounts after how many times the user typed in the wrong password by mistake.

Recommend using the Group Policy Management Console compared to the one that originally came with Windows 2003 as it is much easier to understand.

You can download it from the link below.

http://www.microsoft.com/downloads/d...displaylang=en

humbletech99 · #4 12-18-2007, 09:45 AM

GPOs do not address the 2 out of 4 requirement. It has a generic "password complexity requirements" option but this is 3 out of 4 which my users would find a bit difficult.