Enforce your company's password settings in Windows 2000 Professional

by Jim Boyce | Jul 02, 2007 12:00:00 AM

Tags: Jim Boyce, Windows 2000, Windows 2000 Professional, desktops, Password, Microsoft Windows 2000, Operating Systems, Software, Windows 2000 Professional Tips Newsletter

Takeaway: It's relatively easy to crack a Windows 2000 Professional password, so it's not unusual for organizations to create password standards based on length, combination, or change frequency. Here's how to set and enforce password properties according to your company's requirements.

By default, Windows 2000 Professional's password settings are not very strict. You can improve security by enforcing stronger passwords and setting other password properties. To do so, open the Local Security Policy console from the Administrative Tools folder, then open the Account Policies/Password Policy branch. Note: If a domain policy is set, it will take precedence over a local security policy.

The first five settings in the Local Security Policy console can enhance security. The first policy, Enforce Password History, causes Windows 2000 to keep track of the specified number of previously used passwords and prevents the user from reusing a password in the history list. This helps ensure that fresh passwords are used. The Maximum Password Age and Minimum Password Age policies determine how long a password can be used before it must be changed. Minimum Password Length specifies how many characters a password must include, enabling you to require longer passwords that are more difficult to crack.

The last setting, Passwords Must Meet Complexity Requirements, requires that a password not contain the user name and must contain at least one character each from three of these four categories: English uppercase letters, English lowercase letters, Westernized Arabic numerals, and non-alphanumeric characters (!, @, #, etc.). The default password filter is defined in the file Scecli.dll in \systemroot\System32. You can customize the filter by providing a custom Scecli.dll file, either by creating one yourself, which requires programming ability, or by acquiring one from a third-party vendor.

Miss a column?

Check out the Windows 2000 Professional archive, and catch up on all the W2K Pro columns.

Want more Win2K tips and tricks? Automatically sign up for our free Windows 2000 Professional newsletter, delivered each Tuesday!

Print/View all Posts Comments on this article

password johns_99@... | 07/02/07

Reset windows password if you have forgot it zpowx2@... | 05/05/09

RE: Enforce your company's password settings in Windows 2000 Professional leem888@... | 07/02/07

RE: Enforce your company's password settings in Windows 2000 Professional paroles32@... | 07/03/07

RE: Enforce your company's password settings in Windows 2000 Professional MJacoby@... | 07/05/07