ProblemYou want to enforce the use of strong passwords for user accounts. SolutionUsing a graphical user interface
This setting does not have any effect on users' current passwords. Password complexity is required only after the next password change for each user. For more on how to force users to change their passwords, see Recipe 6.21 in Active Directory Cookbook (O'Reilly). DiscussionMost users, if given a choice, pick really simple and easy-to-remember passwords. No matter how tight the security is on your systems, if an attacker can crack a user's password, it is all for naught. To combat this, you can enable password complexity on the Default Domain GPO to require users to choose a password that meets the following criteria:
By enabling this, you can feel a little better that once users change passwords, they won't choose something trivial (although passwords such as "Mypassword!" still pass the complexity test). See AlsoMS KB 225230, "Enabling Strong Password Functionality in Windows 2000" |