Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Password Policies

Status
Not open for further replies.
GlenJohnson

GlenJohnson

MIS
Aug 2, 2001
5,203
US
My boss wants me to set up a password policy on a new w2k server that 1)Must start with an alphanumeric character, 2)Must be a minimum of 7 characters and maximum of 10 3)Must contain at least one number 4)Mayu contain A-Z,a-z, 0-9, @,# and _. 5)Must be upper and lower case sensitive. I have turned on the password must meet complexity rules, but I can't find out how to make it meet these requirements. Any Ideas. Glen
 
Sort by date Sort by votes
This is how I set it up from a Microsoft Article:The Passfilt.dll file implements the following password policy:

Passwords must be at least six (6) characters long.


Passwords must contain characters from at least three (3) of the following four (4) classes:


Description Examples
-------------------------------------------------------------------

English upper case letters A, B, C, ... Z
English lower case letters a, b, c, ... z
Westernized Arabic numerals 0, 1, 2, ... 9
Non-alphanumeric ("special characters") such as punctuation symbols
Passwords may not contain your user name or any part of your full name.


These requirements are hard-coded in the Passfilt.dll file and cannot be changed through the user interface or registry. If you wish to raise or lower these requirements, you must write your own .dll and implement it in the same fashion as the Microsoft version that is available with Windows NT 4.0 Service Pack 2.
How to Install Strong Password Filtering
To ensure Strong Password functionality occurs throughout your domain structure, make the following changes on all primary domain controllers (or stand-alone servers, where needed).

Passfilt.dll is not necessary on backup domain controllers since the PDC is the only machine where changes to the domain accounts database are made. However, it should be installed on all BDCs because they can be promoted to PDC. If a BDC without Passfilt.dll is promoted to PDC, then strong password enforcement will be lost but there will be no other adverse effects.

WARNING : Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT or Windows 2000, you should also update your Emergency Repair Disk (ERD).

Install the latest Windows NT 4.0 service pack.


Copy Passfilt.dll to the %SYSTEMROOT%\SYSTEM32 folder.


Start Registry Editor (Regedt32.exe).


Locate and click the following key in the registry:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
On the Edit menu, click Add Key , and then add the following registry key:
Notification Packages
NOTE : If the Notification Packages key already exists, proceed to the next step.


Click the Notification Packages key.


On the Edit menu, click Add Value , and then add the following registry value:
Value name: FPNWCLNT
Data type: REG_MULTI_SZ

Value data: PASSFILT
NOTE : If the FPNWCLNT value is already present:


Click the FPNWCLNT value.


On the Edit menu, click Multi String .


Type PASSFILT , and then click OK .


Quit Registry Editor.


Restart the computer.


For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
Q151082 Password Change Filtering & Notification in Windows NT
Q174075 Strong Passwords With Passfilt.dll Are Not Enforced
Q174076 Invalid Password Message When Strong Passwords Are Required
Microsoft Windows 2000
Strong Password Functionality Included with Microsoft Windows 2000
The functionality described above for the Passfilt.dll file for Windows NT 4.0 has been included in the operating system security components for Windows 2000. You can enable strong password enforcement in Windows 2000 by starting the Local Computer Policy snap-in and enabling the Passwords must meet complexity requirements setting in Computer Configuration\Windows Settings\Security Settings\AccountPolicies\Password Policy.

 
Upvote 0 Downvote
I've located the encable complex passwords in the snap-in. This is a W2K server, so I don't know if the instructions are the same for NT4.0. I did a search and couldn't find the dll file. I have enabled the complex passwords, but theres a column for effective settings that I can't change.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mohamed-IT
  • Locked
  • Question
Windows server 2019 password locked
Replies
1
Views
294
strongm
strongm
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
312
penguinroundup
penguinroundup
TECHMAN007
  • Locked
  • Question
RD Web Password Change
Replies
0
Views
222
TECHMAN007
TECHMAN007
JoshuaThompson
  • Locked
  • Question
Software Deploy Group policies are not working at remote site
Replies
0
Views
159
JoshuaThompson
JoshuaThompson
greenwave2
  • Locked
  • Question
Server 2008 Active Directory Password Policies
Replies
0
Views
90
greenwave2
greenwave2

Part and Inventory Search

Sponsor

Back
Top