
Eric-0706 asked:

Password complexity setting for AD domain with Windows 10 workstations

I am trying to set up the Windows 10 password policy for our office workstations. It seems there is a 'Password must meet complexity requirements' option in the policy settings, which requires any combination of 3 out of 5 criteria. But I cannot set a custom combination (e.g. upper case + lower case + (numeric or special characters)). Does anyone have experience with this? Is there another setting in Windows with which I can force users to use a certain combination of characters, or do I need third-party tools to do so?

Thank you in advance.


FanFan-MSFT answered:

Hi,
Based on my understanding, the password complexity setting for workstations in a domain is controlled by the Default Domain Policy.
The combination can't be set by default.
If you want a custom combination, you may need to use a custom Password Filter DLL:
https://docs.microsoft.com/en-us/windows/win32/secmgmt/installing-and-registering-a-password-filter-dll
https://www.rushworth.us/lisa/?p=648
This response contains a third-party link. We provide this link for easy reference. Microsoft cannot guarantee the validity of any information and content in this link.

Best Regards,
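
A sketch of what such a password filter DLL could look like for the combination asked about (upper case + lower case + (digit or special character)), added here as an illustration and not taken from the original answer or from Microsoft's sample. The helper name `meets_custom_policy` and its ASCII-only classification are assumptions; the three exported functions are the ones LSA calls in a password filter.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper: returns 1 when the UTF-16 password contains at least
 * one upper-case letter, one lower-case letter, and one digit or special
 * character. Assumption: only ASCII code units are classified; spaces and
 * non-ASCII units are allowed in the password but satisfy no class. */
int meets_custom_policy(const uint16_t *pw, size_t nchars)
{
    int upper = 0, lower = 0, digit_or_special = 0;
    for (size_t i = 0; i < nchars; i++) {
        uint16_t c = pw[i];
        if (c >= 'A' && c <= 'Z')      upper = 1;
        else if (c >= 'a' && c <= 'z') lower = 1;
        else if (c >= '0' && c <= '9') digit_or_special = 1;
        else if (c > ' ' && c < 0x7F)  digit_or_special = 1; /* ASCII punctuation */
    }
    return upper && lower && digit_or_special;
}

#ifdef _WIN32
#include <windows.h>
#include <ntsecapi.h>

/* Assumption: x64 build, where these names are exported undecorated. */
__declspec(dllexport) BOOLEAN NTAPI InitializeChangeNotify(void)
{
    return TRUE; /* nothing to initialise in this sketch */
}

__declspec(dllexport) NTSTATUS NTAPI PasswordChangeNotify(
    PUNICODE_STRING UserName, ULONG RelativeId, PUNICODE_STRING NewPassword)
{
    (void)UserName; (void)RelativeId; (void)NewPassword;
    return 0; /* STATUS_SUCCESS; the new password is neither stored nor logged */
}

__declspec(dllexport) BOOLEAN NTAPI PasswordFilter(
    PUNICODE_STRING AccountName, PUNICODE_STRING FullName,
    PUNICODE_STRING Password, BOOLEAN SetOperation)
{
    (void)AccountName; (void)FullName; (void)SetOperation;
    /* UNICODE_STRING.Length is in bytes and Buffer is not NUL-terminated. */
    return meets_custom_policy((const uint16_t *)Password->Buffer,
                               Password->Length / sizeof(WCHAR)) ? TRUE : FALSE;
}
#endif
```

The filter is loaded into LSASS on each domain controller, so it has to be registered as described in the Microsoft link above and tested carefully before deployment.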


Hi,
 
Just want to confirm the current situation.
If there's anything you'd like to know, don't hesitate to ask.

Best Regards,


Hi,

I have looked into the custom password filter option and it is really helpful.
However, we don't have the programming resources to create our own, so we will look into a third-party password filter instead.
Thank you.

Eric

EileenB answered:

The question is whether you really need the highest complexity or only "better" passwords. To prevent users from using easy passwords you need a dictionary filter, etc. So for really good passwords, get a third-party tool - I don't know if it is allowed to recommend something to look into?
But you can also overdo it with too many restrictions (I have seen this, they even checked for -German- license plates :( which killed a lot of options and users could even set a password).

Two questions:
Do your users need those kinds of regulations?
(Have you analyzed the overall password quality?)

And could it be an option to go "passwordless" or even implement something like Windows Hello, certificates, security keys (hardware)?
Depends on the whole situation (so, no need for a deep discussion).
