Problem with Local Password Policy

G

Guest

Guest
Archived from groups: microsoft.public.win2000.general (More info?)

I have a stand alone windows 2000 machine SP4 that I am trying to set up a
password policy to not allow blank passwords. I went into local security
policy and set minimum password length to 8 and that works when I try to
create a user with a blank password using computer management, but if I
create a user from user accounts in control panel it allows me to create the
user with no password. How can I restrict users with a blank password?
Thanks in advance.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.general (More info?)

On Fri, 18 Mar 2005 10:52:50 -0500, "B Williams" <willdrama@hotmail.com> wrote:

>I have a stand alone windows 2000 machine SP4 that I am trying to set up a
>password policy to not allow blank passwords. I went into local security
>policy and set minimum password length to 8 and that works when I try to
>create a user with a blank password using computer management, but if I
>create a user from user accounts in control panel it allows me to create the
>user with no password. How can I restrict users with a blank password?
>Thanks in advance.
>
Set password must meet complexity requirements.

The password supplied does not meet the minimum complexity requirements. Please select another password that meets all of the following criteria:
is at least x characters;
has not been used in the previous x passwords;
does not contain your account or full name;
contains at least three of the following four character groups:

English uppercase characters (A through Z);
English lowercase characters (a through z);
Numerals (0 through 9);
Non-alphabetic characters (such as !, $, #, %)


Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.general (More info?)

I have that set. I even went so far as to use a template for a secure
workstation.
"Jerold Schulman" <Jerry@jsiinc.com> wrote in message
news:6v3m315d9ngheedasc22pmsq40f3t33dha@4ax.com...
> On Fri, 18 Mar 2005 10:52:50 -0500, "B Williams" <willdrama@hotmail.com>
> wrote:
>
>>I have a stand alone windows 2000 machine SP4 that I am trying to set up a
>>password policy to not allow blank passwords. I went into local security
>>policy and set minimum password length to 8 and that works when I try to
>>create a user with a blank password using computer management, but if I
>>create a user from user accounts in control panel it allows me to create
>>the
>>user with no password. How can I restrict users with a blank password?
>>Thanks in advance.
>>
> Set password must meet complexity requirements.
>
> The password supplied does not meet the minimum complexity requirements.
> Please select another password that meets all of the following criteria:
> is at least x characters;
> has not been used in the previous x passwords;
> does not contain your account or full name;
> contains at least three of the following four character groups:
>
> English uppercase characters (A through Z);
> English lowercase characters (a through z);
> Numerals (0 through 9);
> Non-alphabetic characters (such as !, $, #, %)
>
>
> Jerold Schulman
> Windows Server MVP
> JSI, Inc.
> http://www.jsiinc.com
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.general (More info?)

Jerold Schulman wrote:
> On Fri, 18 Mar 2005 10:52:50 -0500, "B Williams" <willdrama@hotmail.com> wrote:
>
>
>>I have a stand alone windows 2000 machine SP4 that I am trying to set up a
>>password policy to not allow blank passwords. I went into local security
>>policy and set minimum password length to 8 and that works when I try to
>>create a user with a blank password using computer management, but if I
>>create a user from user accounts in control panel it allows me to create the
>>user with no password. How can I restrict users with a blank password?
>>Thanks in advance.
>>
>
> Set password must meet complexity requirements.
>
> The password supplied does not meet the minimum complexity requirements. Please select another password that meets all of the following criteria:
> is at least x characters;
> has not been used in the previous x passwords;
> does not contain your account or full name;
> contains at least three of the following four character groups:
>
> English uppercase characters (A through Z);
> English lowercase characters (a through z);
> Numerals (0 through 9);
> Non-alphabetic characters (such as !, $, #, %)

Password complexity depends on what the threat are. If someone might
be looking over your shoulder, you need uppercase and lowercase. Most
people can't hold more than 6 or 7 items in short-term memory ("Miller's
Number"). If there is a chance that somebody can do packet sniffing
and intercept packets holding passwords, you need encryption. If there
is a high bandwidth path to your machine such that many passwords can be
tried in a short time, a "dictionary" attack is a possibility and you
don't want ordinary words as passwords. If somebody knows you well,
they might know your wife's name, etc. FWIW, I once guessed a guy's
password (gdbagbag) because he was an organist and these were the first
notes of a well-known piece!

The other extreme is when you work in a secure environment. Only
cleared equipment, networks and people are present. So no passwords are
needed! Physical security is always the best!