Correct - GPO allows you to specify whether "passwords must meet
complexity requirements" or not. But the actual "complexity requirement"
itself is dictated by passfilt.dll, which lives on the DC that the user
authenticates against when a password is set or changed. If you don't
push out your custom passfilt.dll to all controllers, then the "default"
passfilt.dll will be used when users change or set passwords on those
controllers (the ones not customized).  So, in that respect, it's not
actually at the "domain level," but rather, at the "controller level." 

t

------------
veni, vidi, veni denuo







> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Bean, John (DSHS)
> Sent: Wednesday, August 15, 2007 9:25 AM
> To: dubaisans dubai; [email protected]
> Cc: Knowlton, Jay (DSHS/ISSD)
> Subject: RE: Password complexity - improvement
> 
> 
> 
> It is my understanding that your request to enforce all four properties
> can only be enforced on the domain level.  There is no way to have one
> password complexity policy on the domain level and a second more
> password complexity policy on a child OU.
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> On Behalf Of dubaisans dubai
> Sent: Tuesday, August 14, 2007 11:15 PM
> To: [email protected]
> Subject: Password complexity - improvement
> 
> Is there a way to improve the password complexity requirements in
> Windows 2000/2003 servers?
> 
> The default will enforce 3 of the following 4 properties - Uppercase,
> smallercase, numbers, special-characters.
> 
> Is there a way to enforce all 4 properties? I do not want to install
> third-party software.
> 
> I have read about customising passfilt.dll. Is that recommended? Does
> MS provide a customised passfilt.dll for download and install?
> 
> Are there any support issues if I go for something like this?
> 
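
Added example, not part of the original thread or any poster's code: a PowerShell audit of the "controller level" point made in the top reply, comparing the filter DLL and its LSA registration on every domain controller so that a DC still running the default filter stands out. It assumes the RSAT ActiveDirectory module, PowerShell remoting enabled on the DCs, and that the filter file is named passfilt.dll in System32 as in the thread (the `$FilterDll` parameter is hypothetical; set it to your own filter's name).

```powershell
# Added example: check that every DC carries the same password filter.
# Assumptions: ActiveDirectory module available, WinRM remoting enabled on DCs,
# filter file lives in %SystemRoot%\System32 under the name given in $FilterDll.
param(
    [string]$FilterDll = 'passfilt.dll'
)

Import-Module ActiveDirectory

# Every DC can service a password change, so every DC has to be checked.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

$results = foreach ($dc in $dcs) {
    try {
        Invoke-Command -ComputerName $dc -ErrorAction Stop -ArgumentList $FilterDll -ScriptBlock {
            param($dll)
            $path = Join-Path $env:SystemRoot "System32\$dll"
            # LSA loads the password filters listed in this REG_MULTI_SZ value.
            $lsa  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
            [pscustomobject]@{
                DC       = $env:COMPUTERNAME
                Present  = Test-Path $path
                SHA256   = if (Test-Path $path) { (Get-FileHash -Path $path -Algorithm SHA256).Hash } else { $null }
                Packages = ($lsa.'Notification Packages' -join ',')
                Error    = $null
            }
        }
    } catch {
        # An unreachable DC is reported, not skipped: it may be the unpatched one.
        [pscustomobject]@{
            DC = $dc; Present = $null; SHA256 = $null; Packages = $null
            Error = $_.Exception.Message
        }
    }
}

$results | Sort-Object DC | Format-Table DC, Present, SHA256, Packages, Error -AutoSize

# More than one distinct (hash, registration) pair means the DCs do not all
# enforce the same complexity rules.
$variants = @($results | Group-Object SHA256, Packages)
if ($variants.Count -gt 1) {
    Write-Warning "Password filter differs across domain controllers:"
    $variants | ForEach-Object { Write-Warning ("  {0} -> {1}" -f $_.Name, ($_.Group.DC -join ', ')) }
} else {
    Write-Output "All $($results.Count) domain controllers report the same filter and registration."
}
```

A DC that reports a different hash, a missing file, or a Notification Packages list without the filter's entry will accept passwords that the customized controllers would reject.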
