Windows Vista, Windows Server, Windows 7, Windows 8.
The password you entered doesn't meet password policy requirements
This security policy reference topic for the IT professional describes the best practices, location, values, and security considerations for this policy setting. The Passwords must meet complexity requirements policy setting determines whether passwords must meet a series of guidelines that are considered important for a strong password. Enabling this policy setting requires passwords to meet the following requirements:
Both checks are not case sensitive. The samAccountName is checked in its entirety only to determine whether it is part of the password. If the samAccountName is less than three characters long, this check is skipped.
The displayName is parsed for delimiters: If any of these delimiters are found, the displayName is split and all parsed sections (tokens) are confirmed to not be included in the password. Tokens that are less than three characters are ignored, and substrings of the tokens are not checked.
For example, the name "Erin M. Hagens" is split into three tokens: Because the second token is only one character long, it is ignored. Therefore, this user could not have a password that included either "erin" or "hagens" as a substring anywhere in the password.
Uppercase letters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters).
Lowercase letters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters).
Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase.
"Password does not meet the password policy requirements."
This includes Unicode characters from Asian languages. The rules that are included in the Windows Server password complexity requirements are part of Passfilt. Enabling the default Passfilt.
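The checks this page describes (samAccountName, displayName tokens, and three character categories), as an added Python example that is not Microsoft's Passfilt code. The delimiter set is an assumption because the list is missing from this page, and Unicode general categories stand in for the character classes; the function names are hypothetical.

```python
import re
import unicodedata

# Assumption: the page's delimiter list is missing; this set (comma, period,
# hyphen, underscore, space, pound sign, tab) is supplied for illustration.
DELIMITERS = r"[,.\-_ #\t]+"

def name_tokens(display_name):
    """Split displayName on delimiters; tokens under three characters are ignored."""
    return [t for t in re.split(DELIMITERS, display_name) if len(t) >= 3]

def categories(password):
    """Return the set of character categories present (approximated via Unicode)."""
    found = set()
    for ch in password:
        cat = unicodedata.category(ch)
        if cat == "Lu":
            found.add("upper")
        elif cat == "Ll":
            found.add("lower")
        elif ch in "0123456789":
            found.add("digit")          # base 10 digits 0 through 9 only
        elif cat.startswith("L"):
            found.add("other_alpha")    # alphabetic but caseless, e.g. CJK
        elif not ch.isalnum():
            found.add("symbol")
    return found

def check_password(password, sam_account_name, display_name):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    lowered = password.casefold()       # both name checks are case-insensitive
    # samAccountName is compared whole, and skipped if under three characters.
    if len(sam_account_name) >= 3 and sam_account_name.casefold() in lowered:
        problems.append("contains samAccountName")
    # Each whole displayName token must be absent; token substrings are not checked.
    for token in name_tokens(display_name):
        if token.casefold() in lowered:
            problems.append("contains name token " + token)
    if len(categories(password)) < 3:
        problems.append("fewer than three character categories")
    return problems
```

Run against "HagWinter#9" for the user "Erin M. Hagens", the check passes: only the whole token "hagens" is rejected, not its fragment "hag".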
However, this policy setting is liberal enough that all users should be able to abide by the requirements with a minor learning curve. Additional settings that can be included in a custom Passfilt. This policy setting is supported on versions of Windows that are designated in the Applies To list at the beginning of this topic. Set Passwords must meet complexity requirements to Enabled. This makes a brute force attack difficult, but still not impossible. The use of ALT key character combinations can greatly enhance the complexity of a password.
However, requiring all users in an organization to adhere to such stringent password requirements can result in unhappy users and an extremely busy Help Desk. Consider implementing a requirement in your organization to use ALT characters in the range from through as part of all administrator passwords.
ALT characters outside of this range can represent standard alphanumeric characters that do not add additional complexity to the password. Passwords that contain only alphanumeric characters are easy to compromise by using publicly available tools.
To prevent this, passwords should contain additional characters and meet complexity requirements. The following table lists the actual and effective default policy values for the most recent supported versions of Windows. There are no differences in the way this policy setting works between supported versions of Windows. This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
Passwords that contain only alphanumeric characters are extremely easy to discover with several publicly available tools. Configure the Passwords must meet complexity requirements policy setting to Enabled and advise users to use a variety of characters in their passwords. When combined with a Minimum password length of 8, this policy setting ensures that the number of different possibilities for a single password is so great that it is difficult but not impossible for a brute force attack to succeed.
If the Minimum password length policy setting is increased, the average amount of time necessary for a successful attack also increases. If the default password complexity configuration is retained, additional Help Desk calls for locked-out accounts could occur because users might not be accustomed to passwords that contain non-alphabetical characters, or they might have problems entering passwords that contain accented characters or symbols on keyboards with different layouts.
However, all users should be able to comply with the complexity requirement with minimal difficulty. If your organization has more stringent security requirements, you can create a custom version of the Passfilt.
For example, a custom password filter might require the use of non-upper-row symbols. Upper-row symbols are those that require you to press and hold the SHIFT key and then press any of the digits between 1 and 0.
A custom password filter might also perform a dictionary check to verify that the proposed password does not contain common dictionary words or fragments. However, such stringent password requirements can result in additional Help Desk requests. Alternatively, your organization could consider a requirement for all administrator passwords to use ALT characters in the — range.
ALT characters outside of this range can represent standard alphanumeric characters that would not add additional complexity to the password.
This documentation is archived and is not being maintained. July 18, Applies To:
Enabling this policy setting requires passwords to meet the following requirements:
The password contains characters from three of the following categories:
Uppercase letters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
Lowercase letters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
Base 10 digits (0 through 9)
Non-alphanumeric characters (special characters) (for example, !
Complexity requirements are enforced when passwords are changed or created.
Enabled, Disabled, Not defined.
Server type or Group Policy Object (GPO): Default value
Default domain policy: Enabled
Default domain controller policy: Enabled
Stand-alone server default settings: Disabled
Domain controller effective default settings: Enabled
Member server effective default settings: Enabled
Effective GPO default settings on client computers: Disabled