How do I Modify Password Complexity Requirements?
I support a small organization that does not need super strict password requirements. My question is likely common, very straighforward, and I'm guessing a simple solution is available.Here it is:They have asked me to modify the password complexity to require following:English Uppercase -AND- LowercaseBase-10 digits (0-9) -OR- Non-alphanumeric (for example, !, $, #, %)Simple, right? There are no programmers, developers, or Senior Admins here so we just simply need to know how change this setting. Thanks in advance!
October 3rd, 2006 3:52am

This isn't an Exchange specific question, you should probably post this in the Windows forums, however since you took the time to post here is some information for you: from: http://technet2.microsoft.com/WindowsServer/en/library/47da8283-2c82-4f91-a148-a20a2e21a96f1033.mspx?mfr=true 1. Open Active Directory Users and Computers. 2. In the console tree, right-click the domain or organizational unit that you want to set Group Policy for. 3. Click Properties, and then click the Group Policy tab. 4. Click an entry in Group Policy Object Links to select an existing Group Policy object (GPO), and then click Edit. You can also click New to create a new GPO, and then click Edit. 5. In the console tree, click Password Policy (Group Policy Object [computer name] Policy/Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy) 6. In the details pane, right-click the policy setting that you want, and then click Properties. 7. If you are defining this policy setting for the first time, select the Define this policy setting check box. 8. Select the options that you want, and then click OK. You will want to set: Password must meet complexity requirements and Minimum password length
Free Windows Admin Tool Kit Click here and download it now
October 3rd, 2006 9:46am

With password complexity requirements enabled, it requires 3 out of 4 of the below:English uppercase characters (A through Z).English lowercase characters (a through z).Base-10 digits (0 through 9).Non-alphanumeric (for example, !, $, #, %). extended ASCII, symbolic, or linguistic characters.We're a small non-profit and just need 2 out of 4 for our minimal security needs. This should be a simple change, but no one anywhere seems to know how to make it.
October 3rd, 2006 10:04pm

There is no "easy" way to do this. You either take the built in method or you can build your own Group Policy extension. There might be some third party applications that alreadydo this but I have not used any.
Free Windows Admin Tool Kit Click here and download it now
October 5th, 2006 10:40am

Actually, there is no way to do this via group policy - unless something has changed in the Windows 2008 period, since the last time I faced this issue was a number of years ago now. What you are looking at is the requirement for writing a new password filter. The password filter from Microsoft is (or at least used to be) coded to either enforce complex passwords, for which the measurements are hard coded, or to not enforce them in which case you can obvisouly set the password to anything you want that still satisfies the remaining criteria like length. It does not matter whether you use the traditional GPO mechanism of modifying the default domain policy or whether you use the newer PSP objects, it's the filter located on the domain controllers that governs whether a password is complex enough. I realise you have no programmers so the following may not be of any interest to you, but that said here's two links that discuss the mechanics behind a password filter which you may wish to read out of curiosity. I haven't written a filter myself since probably around 2003, but it wasn't hard by any means. In any case though, unless something had changed in the 2008 era you can't do what you're asking with the default Microsoft password filter. Password filters Installing and registering a password filter (handy if you find one that does what you want and you truly feel you can trust the author/publisher - something I wouldn't be prepared to do, but this will at least arm you with information) Cheers, Lain
July 30th, 2010 2:49pm

Hi, I wrote a small program for this a while ago: http://logibit.se/ad-server-2008-r2-custom-password-policy/ That worked with passwdhk. Cheers, Henrik
Free Windows Admin Tool Kit Click here and download it now
October 10th, 2010 2:17pm

Hi, I wrote a small program for this a while ago: http://logibit.se/ad-server-2008-r2-custom-password-policy/ That worked with passwdhk. Cheers, Henrik
October 10th, 2010 9:15pm

Everone Explain only default policy, cant we change existing default policy as we wantMicrosoft TechNet Forum Bandara
Free Windows Admin Tool Kit Click here and download it now
March 16th, 2011 6:12am

Everone Explain only default policy, cant we change existing default policy as we want Microsoft TechNet Forum Bandara No. "Complexity" is defined by Microsoft. You can only enable it or disable it. Otherweise you need to do custom development. Mike Crowley Check out My Blog!
March 17th, 2011 8:33am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics