Problem with Local Password Policy

Author
18 Mar 2005 3:52 PM
B Williams
I have a stand-alone Windows 2000 machine SP4 that I am trying to set up a
password policy to not allow blank passwords. I went into local security
policy and set minimum password length to 8 and that works when I try to
create a user with a blank password using computer management, but if I
create a user from user accounts in control panel it allows me to create the
user with no password. How can I restrict users with a blank password?
Thanks in advance.

Author
18 Mar 2005 5:29 PM
Jerold Schulman
On Fri, 18 Mar 2005 10:52:50 -0500, "B Williams" <willdr***@hotmail.com> wrote:

>I have a stand alone windows 2000 machine SP4 that I am trying to set up a
>password policy to not allow blank passwords. I went into local security
>policy and set minimum password length to 8 and that works when I try to
>create a user with a blank password using computer management, but if I
>create a user from user accounts in control panel it allows me to create the
>user with no password. How can I restrict users with a blank password?
>Thanks in advance.
>
Set password must meet complexity requirements.

The password supplied does not meet the minimum complexity requirements. Please select another password that meets all of the following criteria:
is at least x characters;
has not been used in the previous x passwords;
does not contain your account or full name;
contains at least three of the following four character groups:

English uppercase characters (A through Z);
English lowercase characters (a through z);
Numerals (0 through 9);
Non-alphabetic characters (such as !, $, #, %)


Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
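
The criteria in the message quoted above, written out as a small checker (an added example, not part of the original thread and not Windows' own filter code). The 8-character minimum is the original poster's setting; the 3-character cut-off for name fragments and the delimiters used to split the full name are assumptions, and the password-history criterion is left out because it needs stored hashes.

```python
import re

MIN_LENGTH = 8        # the original poster's "minimum password length" setting
NAME_TOKEN_MIN = 3    # assumption: name fragments shorter than this are ignored


def character_groups(password):
    """Return which of the four character groups appear in the password."""
    groups = set()
    for ch in password:
        if "A" <= ch <= "Z":
            groups.add("upper")
        elif "a" <= ch <= "z":
            groups.add("lower")
        elif "0" <= ch <= "9":
            groups.add("digit")
        elif not ch.isalpha():
            groups.add("symbol")
    return groups


def name_tokens(account, full_name):
    """Account name plus the words of the full name, lower-cased."""
    # Assumption: the full name is split on whitespace and common separators.
    parts = [account] + re.split(r"[\s,._\-#]+", full_name)
    return [p.lower() for p in parts if len(p) >= NAME_TOKEN_MIN]


def check_password(password, account, full_name, min_length=MIN_LENGTH):
    """Return the list of failed criteria; an empty list means it passes."""
    failures = []
    if len(password) < min_length:
        failures.append("length")
    lowered = password.lower()
    if any(tok in lowered for tok in name_tokens(account, full_name)):
        failures.append("name")
    if len(character_groups(password)) < 3:
        failures.append("groups")
    return failures


if __name__ == "__main__":
    # Constructed sample accounts and passwords, for illustration only.
    for pw, acct, name in [("", "bwilliams", "B Williams"),
                           ("Williams#1x", "bwilliams", "B Williams"),
                           ("Summer2005", "jdoe", "Jane Doe")]:
        print(repr(pw), check_password(pw, acct, name) or "ok")
```

A blank password fails both the length and the character-group tests, so a code path that accepts one is not running these checks at all.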
Author
18 Mar 2005 6:10 PM
B Williams
I have that set. I even went so far as to use a template for a secure
workstation.
"Jerold Schulman" <Je***@jsiinc.com> wrote in message
news:6v3m315d9ngheedasc22pmsq40f3t33dha@4ax.com...
> On Fri, 18 Mar 2005 10:52:50 -0500, "B Williams" <willdr***@hotmail.com>
> wrote:
>
>>I have a stand alone windows 2000 machine SP4 that I am trying to set up a
>>password policy to not allow blank passwords. I went into local security
>>policy and set minimum password length to 8 and that works when I try to
>>create a user with a blank password using computer management, but if I
>>create a user from user accounts in control panel it allows me to create the
>>user with no password. How can I restrict users with a blank password?
>>Thanks in advance.
>>
> Set password must meet complexity requirements.
>
> The password supplied does not meet the minimum complexity requirements.
> Please select another password that meets all of the following criteria:
> is at least x characters;
> has not been used in the previous x passwords;
> does not contain your account or full name;
> contains at least three of the following four character groups:
>
> English uppercase characters (A through Z);
> English lowercase characters (a through z);
> Numerals (0 through 9);
> Non-alphabetic characters (such as !, $, #, %)
>
>
> Jerold Schulman
> Windows Server MVP
> JSI, Inc.
> http://www.jsiinc.com
Author
18 Mar 2005 7:46 PM
William W. Plummer
Jerold Schulman wrote:
> On Fri, 18 Mar 2005 10:52:50 -0500, "B Williams" <willdr***@hotmail.com> wrote:
>
>
>>I have a stand alone windows 2000 machine SP4 that I am trying to set up a
>>password policy to not allow blank passwords. I went into local security
>>policy and set minimum password length to 8 and that works when I try to
>>create a user with a blank password using computer management, but if I
>>create a user from user accounts in control panel it allows me to create the
>>user with no password. How can I restrict users with a blank password?
>>Thanks in advance.
>>
>
> Set password must meet complexity requirements.
>
> The password supplied does not meet the minimum complexity requirements. Please select another password that meets all of the following criteria:
> is at least x characters;
> has not been used in the previous x passwords;
> does not contain your account or full name;
> contains at least three of the following four character groups:
>
> English uppercase characters (A through Z);
> English lowercase characters (a through z);
> Numerals (0 through 9);
> Non-alphabetic characters (such as !, $, #, %)

Password complexity depends on what the threats are.   If someone might
be looking over your shoulder, you need uppercase and lowercase.  Most
people can't hold more than 6 or 7 items in short-term memory ("Miller's
Number").   If there is a chance that somebody can do packet sniffing
and intercept packets holding passwords, you need encryption.  If there
is a high bandwidth path to your machine such that many passwords can be
tried in a short time, a "dictionary" attack is a possibility and you
don't want ordinary words as passwords.   If somebody knows you well,
they might know your wife's name, etc.  FWIW, I once guessed a guy's
password (gdbagbag) because he was an organist and these were the first
notes of a well-known piece!

The other extreme is when you work in a secure environment.   Only
cleared equipment, networks and people are present.  So no passwords are
needed!  Physical security is always the best!