Wednesday, May 18, 2011

Microsoft Password Complexity Rules

Password complexity rules ensure a network password is more than just another PIN.


Microsoft's password complexity rules cover three main issues: the default operating system settings, which characters are allowed in a password, and which collections of characters are prevented from being used in it.


Operating System Default Settings


Microsoft Windows Server 2003 and 2008 come preconfigured with the password complexity rule disabled, as does Windows XP. On all three, an authorized administrator can enable the rule manually. When Active Directory is installed on a server, the complexity rule is automatically enabled and enforced.


Allowed Characters


A password can contain non-alphabetic characters (for example, %, # or !), upper case characters (A to Z), lower case characters (a to z), numeric characters (0 to 9), and a collection of Unicode characters that don't fall in the previously mentioned categories. When the complexity rule is enabled, passwords must contain at least three of the available five categories to meet the requirements.


Prevented Character Collections


When the complexity rule is enabled, users are prevented from incorporating their account name or full name into the password. When a password change is attempted, Windows first checks the requested password for this information. If found, it rejects the password change attempt and informs the user of the password requirements through an information window.
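The two checks described above (three of five character categories, and no account name or full name inside the password) can be approximated offline to audit candidate passwords. The following is an added example, not Microsoft's code or part of the original post. The function names are hypothetical, the sample account is constructed, and three details are assumptions beyond the page: letters are classified by Unicode case, the full name is split on common delimiters, and name parts shorter than three characters are ignored.

```python
import re
import string

def char_categories(password):
    """Return the set of the five character categories present."""
    found = set()
    for ch in password:
        if ch.isupper():
            found.add("upper")
        elif ch.islower():
            found.add("lower")
        elif "0" <= ch <= "9":
            found.add("digit")
        elif ch in string.punctuation:      # ASCII symbols such as %, # or !
            found.add("symbol")
        elif ch.isalpha():                  # caseless letters, e.g. CJK
            found.add("unicode")
    return found

def name_tokens(account_name, full_name):
    """Name parts that must not appear in the password.
    Assumption: full name split on delimiters, parts under 3 chars ignored."""
    parts = [account_name] + re.split(r"[,.\-_ #\t]+", full_name)
    return [p.lower() for p in parts if len(p) >= 3]

def check_password(password, account_name, full_name):
    """Return the reasons a password is rejected; empty list means accepted."""
    problems = []
    cats = char_categories(password)
    if len(cats) < 3:
        problems.append("only %d of 5 character categories used" % len(cats))
    lowered = password.lower()              # the name match ignores case
    for token in name_tokens(account_name, full_name):
        if token in lowered:
            problems.append("contains name component %r" % token)
    return problems

if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    samples = ["password", "Summer2011", "JSmith#2011", "\u5bc6\u7801abc1"]
    for candidate in samples:
        result = check_password(candidate, "jsmith", "John Smith")
        print(candidate, "->", result or "accepted")
```

A password such as Summer2011 passes both checks, which shows that the complexity rule alone does not reject predictable season-and-year patterns.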






