Re: [tech4all] Windows 2003 server

Mon, 01 May 2006 00:15:51 -0700

From support:

For Windows 2000, Windows XP, and Windows Server 2003 there are five settings you can configure that relate to password characteristics: Enforce password history, Maximum password age, Minimum password age, Minimum password length, and Passwords must meet complexity requirements. For help in determining values for these settings that match the business requirements of your organization, see "Selecting Secure Passwords" in the Security Guidance Kit.
•
Enforce password history determines the number of unique new passwords a user must use before an old password can be reused. The value of this setting can be between 0 and 24; if this value is set to 0, enforce password history is disabled. For most organizations, set this value to 24 passwords.
•
Maximum password age determines how many days a password can be used before the user is required to change it. The value of this between 0 and 999; if it is set to 0, passwords never expire. Setting this value too low can cause a frustration for your users; setting it too high or disabling it gives potential attackers more time to determine passwords. For most organizations, set this value to 42 days.
•
Minimum password age determines how many days a user must keep new passwords before they can change them. This setting is designed to work with the Enforce password history setting so that users cannot quickly reset their passwords the required number of times and then change back to their old passwords. The value of this setting can be between 0 and 999; if it is set to 0, users can immediately change new passwords. It is recommended that you set this value to 2 days.
•
Minimum password length determines how short passwords can be. Although Windows 2000, Windows XP, and Windows Server 2003 support passwords up to 28 characters, the value of this setting can be only between 0 and 4 characters. If it is set to 0, users are allowed to have blank passwords, so you should not use a value of 0. It is recommended that you set this value to 8 characters.
•
Passwords must meet complexity requirements determines whether password complexity is enforced. If this setting is enabled, user passwords meet the following requirements:
•
The password is at least six characters long.
•
The password contains characters from at least three of the following five categories:
•
English uppercase characters (A - Z)
•
English lowercase characters (a - z)
•
Base 10 digits (0 - 9)
•
Non-alphanumeric (For example: !, $, #, or %)
•
Unicode characters
•
The password does not contain three or more characters from the user's account name.
If the account name is less than three characters long, this check is not performed because the rate at which passwords would be rejected is too high. When checking against the user's full name, several characters are treated as delimiters that separate the name into individual tokens: commas, periods, dashes/hyphens, underscores, spaces, pound-signs and tabs. For each token that is three or more characters long, that token is searched for in the password; if it is present the password change is rejected. For example, the name "Erin M. Hagens" would be split into three tokens: "Erin," "M," and "Hagens." Because the second token is only one character long, it would be ignored. Therefore, this user could not have a password that included either "erin" or "hagens" as a substring anywhere in the password. All of these checks are case insensitive.
These complexity requirements are enforced upon password change or creation of new passwords. It is recommended that you enable this setting.


Ravi krishna raj K <[EMAIL PROTECTED]> wrote:
Hi friends,
 
I got problem in creating domain user in windows 2003 server, when i am creating a user in active directory, i got an error message:
 
"Windows cannot create the object name because: Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirement of the domain."
 
Not able to create the user in my server.
 
can anyone give me the soultion for this problem.
 
 
Regards,
 
Ravi
Yahoo! Messenger with Voice. PC-to-Phone calls for ridiculously low rates.

Yahoo! Mail goes everywhere you do. Get it on your phone.

SPONSORED LINKS
Technical support Computer security Computer technical support
Computer training Free computer technical support

YAHOO! GROUPS LINKS



Reply via email to