Windows Server 2003: Product Help > Windows Server 2003 Product Help > Security > Security Configuration Manager > Security Configuration Manager Concepts > Using Security Configuration Manager > Security Setting Descriptions > Account Policies > Windows Server TechCenter > Windows Server 2003 Technical Library > Password Policy

Passwords must meet complexity requirements

Updated: January 21, 2005

Password must meet complexity requirements

Description

This security setting determines whether passwords must meet complexity requirements.

If this policy is enabled, passwords must meet the following minimum requirements when they are changed or created:

Not contain significant portions of the user's account name or full name

Be at least six characters in length

Contain characters from three of the following four categories:

English uppercase characters (A through Z)

English lowercase characters (a through z)

Base 10 digits (0 through 9)

Non-alphabetic characters (for example, !, $, #, %)

Important:

Complexity requirements are enforced when passwords are changed or created.

To create custom password filters, see the Microsoft Platform Software Development Kit and TechNet on the Microsoft Web site.

Default:

Enabled on domain controllers.

Disabled on stand-alone servers.

Note

By default, member computers follow the configuration of their domain controllers.

Configuring this security setting

You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\

For specific instructions about how to configure password policy settings, see Apply or modify password policy.

For more information, see:

Strong passwords

Password Best practices for passwords

Password Policy

Security Configuration Manager tools