Share via

Passwords must meet complexity requirements of the installed password filter

Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy


Determines whether passwords must meet complexity requirements.

By default, this setting is disabled in the Default Domain Group Policy object (GPO) and in the local security policy of workstations and servers.

If this policy is enabled, then passwords must meet the minimum requirements described in the Notes section.

Note ImageNotes

The default password filter (passfilt.dll) included with Windows 2000 requires that a password:

  • Does not contain all or part of the user's account name

  • Is at least six characters in length

  • Contains characters from three of the following four categories:

    • English upper case characters (A..Z)

    • English lower case characters (a..z)

    • Base 10 digits (0..9)

    • Nonalphanumeric (For example, !,$#,%)

Complexity requirements are enforced upon password change or creation.

To create custom password filters, refer to the Microsoft Platform Software Development Kit and the Microsoft Knowledge Base.