Password is not compliant with the System Password Complexity policy (279890)

SYMPTOMS

If the administrator generates a password for a user through the Add User Wizard, it may not meet the requirements that are set by the System Password Complexity policy but it may be accepted anyway. The same behavior can occur if the administrator attempts to specify the password for a user.

CAUSE

This behavior occurs because the password is not compliant with the System Password Complexity policy. The Passfilt.dll file implements the following password policy:

Passwords must be at least six characters long.
Passwords may not contain your SAM account name when it is three or more characters in length or any full "token" in your display name that is also three or more characters in length. For example: If your SAM account name is etiennej and your display name is Jacques, Etienne P., there will be three blocked "tokens": etiennej, Jacques and Etienne. The middle initial is less than three characters and is therefore not considered a "token". Subsets like etiennej1 and Jacque12$ will not be blocked.

Passwords must contain characters from at least three of the following four classes:

Description	Examples
English upper case letters	A, B, C, ... Z
English lower case letters	a, b, c, ... z
Westernized Arabic numerals	0, 1, 2, ... 9
Non-alphanumeric ("special characters")	Punctuation marks and other symbols

These requirements are hard-coded in the Passfilt.dll file and cannot be changed through the user interface or registry. If you want to change these requirements, you must write your own .dll and implement it in the same way as the Microsoft version that is available with Windows NT 4.0 Service Pack 2.

Password is not compliant with the System Password Complexity policy (279890)

SYMPTOMS

CAUSE

WORKAROUND