Complex passwords

I would like to enable the complex password requirment on my Windows
2003 network. What will be the reprocutions? Will the network require
everyone to change their password the next time they log in if their
password does not meet the requirment? Or will it wait until the
password has expired and then require the complex password?

Hi Matt,

once users password expire they will be required to choose complex password.

--
Mike
Microsoft MVP - Windows Security

"Matt Scoff" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I would like to enable the complex password requirment on my Windows
> 2003 network. What will be the reprocutions? Will the network require
> everyone to change their password the next time they log in if their
> password does not meet the requirment? Or will it wait until the
> password has expired and then require the complex password?

Thanks Miha,

When I changed this setting I noticed that the Minimum password length
stayed the same in GP. Our setting was 5. The microsoft default
setting for complex passwords states that you must have a minimum of 6
characters.
What should I do? Change the minimum to 6? If I change this will it
make everyone who has a password that is 5 characters change their
password now or wait till their password expires? If I leave it at 5
will the minimum password length be 5 or 6 when a complex password is
required?

Thanks again for your help!

On Thu, 27 Apr 2006 19:37:10 +0200, "Miha Pihler [MVP]"
<mihap-(E-Mail Removed)> wrote:

>Hi Matt,
>
>once users password expire they will be required to choose complex password.

Hi,



I believe that after you enable complex password it will require all users
to have password longer then 6 characters -- regardless of what you set
under "minimum password length"... So after you enable password complexity
and after user's current password expires they will have to choose a
password that is at least 6 characters long and complex by other
requirements.



--
Mike
Microsoft MVP - Windows Security


"Matt Scoff" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Thanks Miha,
>
> When I changed this setting I noticed that the Minimum password length
> stayed the same in GP. Our setting was 5. The microsoft default
> setting for complex passwords states that you must have a minimum of 6
> characters.
> What should I do? Change the minimum to 6? If I change this will it
> make everyone who has a password that is 5 characters change their
> password now or wait till their password expires? If I leave it at 5
> will the minimum password length be 5 or 6 when a complex password is
> required?
>
> Thanks again for your help!
>
> On Thu, 27 Apr 2006 19:37:10 +0200, "Miha Pihler [MVP]"
> <mihap-(E-Mail Removed)> wrote:
>
>>Hi Matt,
>>
>>once users password expire they will be required to choose complex
>>password.
>

It's a little confusing... I was experimenting with a user who's
password expired after changing the complex password option. When you
change your password and you do not choose one that is complex then
windows tells you what the complex password requirement is. In this
case it said it must be 5 characters minimum. I changed this setting
to be 6 characters in GP and rebooted my PC. The next time I received
the window that explains the password requirement it said minimum
characters 6. It appears that the minimum character requirement
overwrites the complex requirement. I did not try a complex 5
character password to verify, though.

I'm also not certain that when I changed the 5 character minimum to 6
characters if it forces anyone currently with a 5 character password
to change it now, before it expired. Probably not, but I suspect a low
percentage of users had a 5 character password.




On Wed, 3 May 2006 21:58:10 +0200, "Miha Pihler [MVP]"
<mihap-(E-Mail Removed)> wrote:

>Hi,
>
>
>
>I believe that after you enable complex password it will require all users
>to have password longer then 6 characters -- regardless of what you set
>under "minimum password length"... So after you enable password complexity
>and after user's current password expires they will have to choose a
>password that is at least 6 characters long and complex by other
>requirements.

If you change minimum password length -- no one will be forced to change
their length until their current password expires. Only once password
expires and users enters new one is password examined against password
filters that you set up.

--
Mike
Microsoft MVP - Windows Security

"Matt Scoff" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> It's a little confusing... I was experimenting with a user who's
> password expired after changing the complex password option. When you
> change your password and you do not choose one that is complex then
> windows tells you what the complex password requirement is. In this
> case it said it must be 5 characters minimum. I changed this setting
> to be 6 characters in GP and rebooted my PC. The next time I received
> the window that explains the password requirement it said minimum
> characters 6. It appears that the minimum character requirement
> overwrites the complex requirement. I did not try a complex 5
> character password to verify, though.
>
> I'm also not certain that when I changed the 5 character minimum to 6
> characters if it forces anyone currently with a 5 character password
> to change it now, before it expired. Probably not, but I suspect a low
> percentage of users had a 5 character password.
>
>
>
>
> On Wed, 3 May 2006 21:58:10 +0200, "Miha Pihler [MVP]"
> <mihap-(E-Mail Removed)> wrote:
>
>>Hi,
>>
>>
>>
>>I believe that after you enable complex password it will require all users
>>to have password longer then 6 characters -- regardless of what you set
>>under "minimum password length"... So after you enable password complexity
>>and after user's current password expires they will have to choose a
>>password that is at least 6 characters long and complex by other
>>requirements.
>