- Passwords may not contain your user name or any part of your full name
- Passwords must be at least six characters long
- Passwords must contain elements from three of the four following types of characters:
  - English upper case letters A, B, C, ... Z
  - English lower case letters a, b, c, ... z
  - Westernized Arabic numerals 0, 1, 2, ... 9
  - Non-alphanumeric characters (special characters $,!,%,^)
- In the administration console, locate Local Security Policy
- Select Account Policy | Password Policy
- Enable the Passwords must meet complexity requirements setting
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Control\Lsa
Name: Notification Packages
Type: REG_MULTI_SZ
Value: list of DLL names without .DLL suffix that reside in the System32 directory that need to be enabled
It is essential that this registry entry names only trusted DLLs in the SYSTEM32 folder, and that those DLLs are read-only to everyone other than administrators.

Arne Vidstrom has released an enhanced strong password filter DLL. Strongpass works like the standard passfilt.dll, but enforces some extra password policies. Passwords must be at least 7 characters long, and if they are exactly 7 characters these must be picked from the three groups a-z/A-Z, 0-9, and special (non-alphanumeric) characters. If the password is longer than 7 characters but shorter than 14, the same rule applies to the first 7 characters. If the password is exactly 14 characters, the rule applies to either the first 7 or the last 7 characters (any group matching the rule will do). This policy makes it harder for a cracking program like L0phtcrack to crack the LANMAN hashes generated from the passwords.
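The Strongpass rules described above can be written as a short check; the C below is an added example, not Arne Vidstrom's code and not part of the original page. It assumes "picked from the three groups" means each checked 7-character block holds at least one letter, one digit and one special character, and it reports passwords longer than 14 characters as not covered because the page gives no rule for them; the function, enum and sample names are the example's own.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Result names are this example's own, not Strongpass identifiers. */
enum sp_result { SP_ACCEPT, SP_TOO_SHORT, SP_WEAK_HALF, SP_NOT_COVERED };

/* Assumption: "picked from the three groups" means the 7 characters
 * contain at least one letter, one digit and one special character. */
static bool half_has_three_groups(const char *p)
{
    bool letter = false, digit = false, special = false;
    for (size_t i = 0; i < 7; i++) {
        unsigned char c = (unsigned char)p[i];
        if (isalpha(c))
            letter = true;
        else if (isdigit(c))
            digit = true;
        else
            special = true;   /* anything non-alphanumeric */
    }
    return letter && digit && special;
}

/* LANMAN hashes each 7-character half of the password separately. */
enum sp_result strongpass_check(const char *pw)
{
    size_t n = strlen(pw);
    if (n < 7)
        return SP_TOO_SHORT;
    if (n > 14)
        return SP_NOT_COVERED;   /* the page states no rule past 14 */
    if (half_has_three_groups(pw))
        return SP_ACCEPT;        /* first 7 characters satisfy the rule */
    if (n == 14 && half_has_three_groups(pw + 7))
        return SP_ACCEPT;        /* exactly 14: last 7 may satisfy it */
    return SP_WEAK_HALF;
}

int main(void)
{
    /* Constructed sample passwords, not taken from the page. */
    const char *samples[] = { "abc12!", "abc12!x", "abcdefg1!", "abcdefghij1!xy" };
    static const char *names[] = { "accept", "too short", "weak half", "not covered" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s %s\n", samples[i], names[strongpass_check(samples[i])]);
    return 0;
}
```

The third sample shows the case the rule targets: a 9-character password with a digit and a special character is still rejected, because both sit outside the first 7 characters.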
Related:
Q151082 : HOWTO: Password Change Filtering & Notification in Windows NT
Q161990 : How to Enable Strong Password Functionality in Windows NT