Change password complexity windows 2003 server

The following table lists the actual and effective default policy values. Default values are also listed on the policy's property page. This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.

Passwords that contain only alphanumeric characters are easy to discover with several publicly available tools. Configure the Passwords must meet complexity requirements policy setting to Enabled and advise users to use a variety of characters in their passwords. When combined with a Minimum password length of 8, this policy setting ensures that the number of different possibilities for a single password is so great that it's difficult but possible for a brute force attack to succeed. If the Minimum password length policy setting is increased, the average amount of time necessary for a successful attack also increases.

If the default configuration for password complexity is kept, more Help Desk calls for locked-out accounts could occur because users might not be used to passwords that contain non-alphabetical characters, or they might have problems entering passwords that contain accented characters or symbols on keyboards with different layouts.

However, all users should be able to follow the complexity requirement with minimal difficulty. If your organization has more stringent security requirements, you can create a custom version of the Passfilt. For example, a custom password filter might require the use of non-upper-row symbols. Upper-row symbols are those symbols that require you to press and hold the SHIFT key and then press any of the keys on the number row of the keyboard, from 1 through 9 and 0.

A custom password filter might also perform a dictionary check to verify that the proposed password doesn't contain common dictionary words or fragments. However, such stringent password requirements might result in more Help Desk requests. Alternatively, your organization could consider a requirement for all administrator passwords to use ALT characters in the — range.

ALT characters outside of this range can represent standard alphanumeric characters that wouldn't add more complexity to the password.

Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Hopefully will happen soon. I've just checked with my own standard domain account and it worked without any problems. Same issue. You mention however to do a full system reboot - I am not sure how that affects things, but I can certainly try.

Although this was checked on my account mentioned above, where I was actually able to change the password without issues. Probably it is not the complexity that is the problem but that the user tries to reuse an old password.

The error can be a bit misleading also in german. Does the computer in question have the correct GPO applied? You tried with your account on that users computer and it worked? Are there any errors in Windows Event Viewer on the computers, Group policy errors.

Brand Representative for Specops. Normally it's because the password doesn't meet the rules or as mentioned above the password has been used before, but it could just be that one or more of your DC's is experiencing a little "trouble". Have you tried changing the password on another DC?

Have you rebooted your DC's to see if the issue goes away? It can't be PC related, as I have tried to change the user's password logged on a different PC and got the same error. That's where I was looking - it was already 'deactivated'. I have also tried to change the minimal password age for 0 days. How do I find out? Sorry, I am still not that familiar with the group policy environment.. You're just looking to see what policies apply and if it gives you any clues about passwords. Which I suspect it won't.

Then see if that policy gets applied using gpresult and maybe it will allow changes. This is where the password policy is set. To make users change passwords at their next logon, you can select all, right click, and select Properties from ADUC and put a check in the box that makes users change passwords at next logon, or you can script it in any number of languages, like batch, PowerShell, or VBscript.

You will need to configure the password settings in a group policy object linked at the domain level. This will more than likely be the "default domain policy" if you are running a default type setup.

In the GPMC right click the policy and choose "edit To force users to change their password every 4 months; edit the Maximum Password Age and set it to days. Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Learn more. Asked 9 years, 6 months ago. Active 9 years, 6 months ago.

Viewed 5k times. Improve this question. Jake A. Jake A Jake A 1 1 gold badge 10 10 silver badges 22 22 bronze badges. With a domain, you may only have a single password policy for the enitre domain. Add a comment. Active Oldest Votes.