Enabling Strong Password Functionality in Windows 2000 (225230)

SUMMARY

Windows 2000 Server includes the strong password functionality first provided in Microsoft Windows NT Server 4.0 Service Pack 2 (SP2). For additional information about the scope of default strong password functionality, please see the following article in the Microsoft Knowledge Base:

161990 How to Enable Strong Password Functionality in Windows NT

In Windows NT Server 4.0, administrators must install a new Passfilt.dll library and place an appropriate entry in the registry in order for this functionality to be enabled. With Windows 2000 Server, administrators can use strong password requirements by using a Group Policy Object (GPO) because the required dynamic-link library (DLL) is included with Windows 2000.

MORE INFORMATION

To implement strong password requirements for your domain, configure a group policy object linked to your domain:

Start the Group Policy Editor Microsoft Management Console (MMC) snap-in, focused on the appropriate group policy object. This must be a group policy object linked to the entire domain. You can directly edit the Default Domain Policy GPO if you are using this policy object.

A quick method of starting the Group Policy Editor MMC snap-in with its focus pointed to this GPO is:
1. Right-click the domain object in the Active Directory Users and Computers MMC snap-in, and then click Properties.
2. Click the Group Policy tab.
3. Click the Default Domain Policy GPO link, and then click Edit.
Navigate to the following node in the group policy object:
Group Policy Object Policy\Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy
Double-click Passwords must meet complexity requirements to display the application dialog box.
Change the template setting to Enabled to activate the strong password requirement.

As with all policy settings, the change is not applies until the next time group policy objects are applied to your domain controllers.