# Password complexity



## p0ng0 (Sep 15, 2007)

Hey Guys and Girls,

Does anybody know of a group policy or such, to customize the error messages as such the password complexity rule? A few users have had to come ask us exactly what is required for the password complexity and it would make much sense if we could indicate on the error what exactly is required.

Any directions on this?

Thanks!


----------



## digitalsatori (Apr 28, 2010)

There isn't a setting within AD that will allow you to change that password (at least, not one that I'm aware of). The error message should use the complexity requirements set in the GPO - does your error message not indicate what is required for the password to meet complexity requirements?

If you're getting this error message:
_Your password must be at least x characters; cannot repeat any of your previous x passwords; must contain capitals, numerals or punctuation; and cannot contain your account or full name. Please type a different password. Type a password which meets these requirements in both text boxes. _​There is a hot fix available at http://support.microsoft.com/kb/821425

Otherwise, your users should receive the following message (based on which options you have enabled in your GPO) if they don't meet complexity requirements:
_The password supplied does not meet the minimum complexity requirements. Please select another password that meets all of the following criteria: is at least x characters; has not been used in the previous x passwords; does not contain your account or full name; contains at least three of the following four character groups: English uppercase characters (A through Z); English lowercase characters (a through z); Numerals (0 through 9); Non-alphabetic characters (such as !, $, #, %)_​You might have some luck using Resource Hacker (http://www.angusj.com/resourcehacker/) to modify the loginui.dll or msgina.dll on the client computer to change the actual error message, but this may not be an ideal solution.

Hope this helps!


----------



## p0ng0 (Sep 15, 2007)

Well its not that i want to disable the complexity requirement - we endorse the requirement. I just want to be able to alter the error message the end user sees to make it simple.

i'll give the links a try.

Thanks!


----------



## ActiveSupport (Jun 22, 2010)

To turn password complexity off in Windows 2008 Server follow these steps:

run gpmc.msc (Group Policy Management)

Expand your Domain

Go to <Group Policy Objects> and select <Default Domain Policy>

Expand:
<Computer Configurations> <Policies> <Windows Settings> <Security Settings> <Account Policies> <Password Policy>

Disable Password Complexity.

This is the only way to disable Password Complexity in Server 2008. The local Security Policy can not be used for changing Password Complexity in Server 2008


----------



## p0ng0 (Sep 15, 2007)

Sorry i think you are slightly confused. I do not want to disable password complexity, i simply wanted to customize the error a user receives if their password is too weak.

Thanks!


----------



## Squashman (Apr 4, 2003)

Your only option is what Digitalsatori posted.


----------



## p0ng0 (Sep 15, 2007)

yep shall be researching into that option shortly.

thanks everyone.


----------

