Pages

Friday, February 13, 2015

Windows Server 2003 Password Policy Changes


Windows cannot set the password for (user) because: The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.

This error is because the password you or the user has tried to enter does not meet the password policy set in Windows Server 2003.

As a Server Administrator, you may find yourself in a situation where you need to change this policy, for more complex or simpler passwords to appease corporate users. Below are the default password policy requirements.

Minimum password length:
This security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0.
Default:
7 on domain controllers.
0 on stand-alone servers.

Password Complexity Requirements:
Not contain the user’s account name or parts of the user’s full name that exceed two consecutive characters
Be at least six characters in length
Contain characters from three of the following four categories:
English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphabetic characters (for example, !, $, #, %)
Complexity requirements are enforced when passwords are changed or created.
Default:
Enabled on domain controllers.
Disabled on stand-alone servers.

Maximum password age:
This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If the maximum password age is between 1 and 999 days, the Minimum password age must be less than the maximum password age. If the maximum password age is set to 0, the minimum password age can be any value between 0 and 998 days.
Note: It is a security best practice to have passwords expire every 30 to 90 days, depending on your environment. This way, an attacker has a limited amount of time in which to crack a user’s password and have access to your network resources.
Default: 42.

To Change the Default Password Policy in Windows Server 2003

Select Domain Security Policy from Administrative Tools.
Click on Security Settings > Account Policies > Password Policy.

Right-click on Passwords must meet complexity requirements.

Click Properties from the context menu.

Do not remove the check from the Define this policy setting checkbox.
Select the Disabled option.
(This will allow less complex passwords)

Click the OK button.


Double-click on Minimum Password Length in the right pane.
Enter a new minimum password length. Entering Zero (0) will remove the password requirement.
Do not remove the check from the Define this policy setting checkbox.

Click the OK button.


Close the Default Domain Security Settings window.

Type gpupdate /force at the Command Prompt. This will refresh the security policy without restarting.

Press the Enter.

For more info visit;

http://www.iishacks.com/index.php/2007/09/24/windows-server-2003-password-policy-changes/

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.