Posted

In Group Policy Editor:

Computer Configuration --> Windows Settings --> Security Settings --> Account Policies --> Password Policy --> Minimum Password Length

Posted

Yes, I can change it to a min of 14 characters, but I would like to restrict the user to creating a password with a min of 15 characters. So the user has to create a password with a min of 15 characters.

Posted

Windows XP can have up to a 255 character password!

All you have to do is configure the appropriate option via GPO (or gpedit.msc if this is a stand-alone/non-domain PC).

Is the workstation stand-alone or a member of a domain?

Posted

This is a stand-alone client. I know you're able to restrict a user to use a min of 15 characters with Active Directory in a domain situation. What I want to do is change the min of 14 to 15 characters. So when a user tries to make a password shorter than 15, say like 14, then they receive an error stating the password is too short. Not sure if that is even possible within Windows.

Posted

Through gpedit.msc for the local machine, the maximum is 14 characters for minimum length. If you don't believe me, try it. When you scroll up through the numbers, after 14 it returns to 0, and it won't take typed input over 14 either.

If you want to enforce very long passwords using group policy or security templates, don't bother - neither will allow you to set a minimum password length greater than 14 characters. Probably has to do with the fact that many dialogs and functions in Windows don't properly handle passwords over 14 characters. And older operating systems also have problems with long passwords.

Posted (edited)

You're right...it does only allow up to a minimum of 14 characters. That's just the minimum though...the actual password can be longer.

Honestly though, if the only reason you're wanting to go to 15 instead of 14 is because of the way NTLM password hashes are stored (all caps, breaks at every seven characters) then just disable caching the NTLM hash.

GPEDIT.MSC > Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Network security: Do not store LAN Manager hash value on next password change

There are several others in the same location that you should set to Enabled or Disabled as appropriate:

Network access: Allow anonymous SID/Name translation

Network access: Do not allow anonymous enumeration of SAM accounts

Network access: Do not allow anonymous enumeration of SAM accounts and shares

Network access: Do not allow storage of credentials or .NET Passports for network authentication

Network access: Let Everyone permissions apply to anonymous users

That's just a few...there are others I would set as well.

Edited by nmX.Memnoch

Posted

Thanks for your help. A guy from my team wrote a pwdflt.dll file which restricts users to a 15 char password within Windows XP, and he is currently working on one for Windows 2000.
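The last post describes a custom password filter DLL. The sketch below is an added example, not the pwdflt.dll from the thread: it implements the three documented Windows password filter exports and rejects any password shorter than 15 characters. `MIN_PASSWORD_CHARS` and the non-Windows stand-in types are assumptions made here so the length check can be compiled and tested off Windows.

```c
/* Added example: minimum-length password filter (not the thread's pwdflt.dll). */
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <ntsecapi.h>            /* UNICODE_STRING, NTSTATUS */
#define EXPORT __declspec(dllexport)  /* 32-bit builds also need a .def file
                                         so the names are exported undecorated */
#else                            /* stand-in types so the logic builds off Windows */
typedef unsigned char BOOLEAN;
typedef unsigned short USHORT, WCHAR;
typedef unsigned long ULONG;
typedef long NTSTATUS;
typedef struct { USHORT Length, MaximumLength; WCHAR *Buffer; } UNICODE_STRING, *PUNICODE_STRING;
#define NTAPI
#define EXPORT
#define TRUE 1
#define FALSE 0
#endif

#define MIN_PASSWORD_CHARS 15    /* assumption: the policy the thread asks for */

/* Called once when LSA loads the package; TRUE keeps the DLL loaded. */
EXPORT BOOLEAN NTAPI InitializeChangeNotify(void) { return TRUE; }

/* Called for every password set or change; FALSE rejects the new password. */
EXPORT BOOLEAN NTAPI PasswordFilter(PUNICODE_STRING AccountName, PUNICODE_STRING FullName,
                                    PUNICODE_STRING Password, BOOLEAN SetOperation)
{
    (void)AccountName; (void)FullName; (void)SetOperation;
    if (Password == NULL || Password->Buffer == NULL)
        return FALSE;
    /* Length is in bytes; divide to get the number of UTF-16 code units. */
    return (Password->Length / sizeof(WCHAR)) >= MIN_PASSWORD_CHARS ? TRUE : FALSE;
}

/* Called after a change is committed; nothing is logged or stored here. */
EXPORT NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId,
                                           PUNICODE_STRING NewPassword)
{
    (void)UserName; (void)RelativeId; (void)NewPassword;
    return 0;                    /* STATUS_SUCCESS */
}
```

Windows loads a filter like this from `%SystemRoot%\System32` when its name (without `.dll`) is listed in the `Notification Packages` value under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`, and a reboot is required. Because every package listed there receives cleartext passwords, that registry value is worth auditing for entries you did not install.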
