Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

checking for password complexity

Status
Not open for further replies.
PPettit

PPettit

IS-IT--Management
Sep 13, 2003
511
US
Is there a way to check user passwords for complexity?

I recently enabled the "Passwords must meet complexity requirements" policy setting and want to make sure that all of the existing user accounts have been changed. I don't really need or want to know the actual password. I just want to know which accounts do not meet the complexity requirements.
 
Sort by date Sort by votes
look for a program that microsoft have produced that checks your server for security issues/lock down it tells you how many accounts do not meet what ure looking for sorry dont have the link

I haven't failed, I've found 10,000 ways that don't work.
Thomas Edison (1847-1931)
Heads :)
 
Upvote 0 Downvote
Are you thinking of the "Baseline Security Analyzer"? I've tried it but it doesn't check what I want it to check. It just looks for "weak" passwords.

This is what it checks for:
Password is blank.
Password is the same as the user account name.
Password is the same as the machine name.
Password uses the word "password."
Password uses the word "admin" or "administrator."
This check also notifies you of any accounts that have been disabled or are currently locked out.
Click to expand...

I want to make sure that the passwords conform to the complexity requirements I've set.
 
Upvote 0 Downvote
Force all the users to change there password. The next time they log on they will be force to change there password, and it will require a strong password. This way you can be sure that all passwords are strong.

Denny

--Anything is possible. All it takes is a little research. (Me)

[noevil]
(My very old site)
 
Upvote 0 Downvote
Force all the users to change there password. The next time they log on they will be force to change there password, and it will require a strong password. This way you can be sure that all passwords are strong.

I'm not sure if there is something to check for strong passwords, as it would have to brute force every users password in order to find out if it was strong or not.

Denny

--Anything is possible. All it takes is a little research. (Me)

[noevil]
(My very old site)
 
Upvote 0 Downvote

I've used, and highly recommend Symantec's LC5. There are many open source and freeware utilities for cracking password hashs, but with my company's passwords I will only trust a reputable company that can give some assurances.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
226
gbaughma
gbaughma
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
373
gbaughma
gbaughma
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
197
mangentle
mangentle
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
96
penguinroundup
penguinroundup
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
214
fightaccording
fightaccording

Part and Inventory Search

Sponsor

Back
Top