Password policy: restrict certain passwords
Hi,
While reviewing the current password policy and account security procedures, I was informed of a high number of "default" passwords being used. Tests reveal indeed _a lot_ of accounts use the same password. On top, most are incredibly weak. Company001 or alike.
Therefore I was wondering whether it is possible to restrict some passwords from being chosen. In that way, a list of company and building names and date iterations might force users to choose a stronger password. Going through GPO, I did not find a place to configure this, and I also do not see a way of intervening in the password reset procedure. Is it possible to configure such restrictions in any way?
Even better (but I'm quite sure it is not possible), would be to be able to have some restriction on the amount of users that may have the same password.
MCP/MCSA/MCTS/MCITP
October 18th, 2011 5:30am
Do you use password complexity in GPO? Remember that some articles even in MS pages were misleading. See this short article and place your question here:
http://blogs.technet.com/b/activedirectoryua/archive/2010/11/22/description-of-password-complexity-is-corrected.aspx
October 18th, 2011 5:36am
Yes we do use password complexity. But this does not prevent our users from choosing another common password.
However, the article you linked me, led me to documentation about "Password filters", which contain exactly the kind of thing I need!
http://msdn.microsoft.com/en-us/library/ms721882(v=VS.85).aspx
MCP/MCSA/MCTS/MCITP
October 18th, 2011 6:39am
Maybe this is something for you then ?
http://nfrontsecurity.com/products/nfront-password-filter/
Armann Jakob Palsson
October 18th, 2011 7:30am
Yes, indeed, this seems like a third party solution based on the password filter features provided by Microsoft. If no out-of-the-box solution exists, such third party stuff can fill in the gap :)
MCP/MCSA/MCTS/MCITP
October 18th, 2011 11:01am
Yes we do use password complexity. But this does not prevent our users from choosing another common password.
However, the article you linked me, led me to documentation about "Password filters", which seem to contain useful info and features, but need extensive programming and knowledge.
http://msdn.microsoft.com/en-us/library/ms721882(v=VS.85).aspx
MCP/MCSA/MCTS/MCITP
October 18th, 2011 1:34pm
Hi,
Like mentioned this feature you are looking for is not found out of the box. You will need to write your own password filter. There are 3rd party vendors out there that also provide this.
Specops Password Policy allows you to append a dictionary list to password policies (where true Group Policies are used and not some templates within Group Policies) in which you can stipulate what cannot be used in a password. They also give you granular control on the complexity such as disallow digit as first, or last character. Disallow consecutive characters. Disallow incremental passwords (where it has to be more than the last character changed).
There is no limit to how many Password Policies you can configure and as it is Group Policy based, you can leverage security filtering, and security delegation.
http://www.specopssoft.com/products/specops-password-policy
Good Luck
Harj Singh
Specops Software
October 19th, 2011 9:39am
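As an added example (not code from any poster or vendor in this thread), here is the deny-list check a custom password filter could run on each candidate password, written in portable C. The function name, the deny list and the substitution table are assumptions; a real filter DLL would call something like this from its exported `PasswordFilter` callback after converting the supplied password string.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed deny list of lowercase base words; replace with the
   organisation's own company, building and site names. */
static const char *const DENY_BASE[] = { "company", "headoffice", "welcome", "password" };

/* Undo common look-alike substitutions, e.g. "c0mp@ny" -> "company". */
static char unleet(char c)
{
    switch (c) {
    case '0': return 'o';
    case '1': case '!': return 'i';
    case '3': return 'e';
    case '4': case '@': return 'a';
    case '5': case '$': return 's';
    case '7': return 't';
    default:  return c;
    }
}

/* Returns true when the candidate is a deny-listed word dressed up with a
   counter, year or punctuation suffix ("Company001", "C0mpany2011!"). */
bool is_denied_password(const char *candidate)
{
    char core[128];
    size_t len = strlen(candidate);

    /* Drop the trailing run of digits and punctuation first, so that
       counters and dates are removed before look-alike mapping. */
    while (len > 0 && !isalpha((unsigned char)candidate[len - 1]))
        len--;
    if (len >= sizeof core)
        len = sizeof core - 1;   /* long passphrases: inspect the prefix only */

    for (size_t i = 0; i < len; i++)
        core[i] = unleet((char)tolower((unsigned char)candidate[i]));
    core[len] = '\0';

    /* Substring match also catches prefixes such as "MyCompany2011". */
    for (size_t i = 0; i < sizeof DENY_BASE / sizeof DENY_BASE[0]; i++)
        if (strstr(core, DENY_BASE[i]) != NULL)
            return true;
    return false;
}
```

Substring matching is deliberately strict, so keep the deny list to words of reasonable length to avoid rejecting unrelated passphrases.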


