By default, Windows 2000's password settings are not very strict. You can improve security by enforcing stronger passwords and setting other password properties. To do so, open the Local Security Policy console from the Administrative Tools folder, then open the Account Policies/Password Policy branch. Note: If set, a domain policy will take precedence over a local security policy.
The first five settings in the Local Security Policy console can enhance security. The first policy, Enforce Password History, causes Windows 2000 to keep track of the specified number of previously used passwords and prevents the user from reusing a password in the history list. This helps ensure that fresh passwords are used. The Maximum Password Age and Minimum Password Age policies determine how long a password can be used before it must be changed. Minimum Password Length specifies how many characters a password must include, enabling you to require longer passwords that are more difficult to crack.
The last setting, Passwords Must Meet Complexity Requirements, requires that a password not contain the user name and must contain at least one character each from three of these four categories: English uppercase letters, English lowercase letters, Westernized Arabic numerals, and non-alphanumeric characters (!, @, #, etc.). The default password filter is defined in the file Scecli.dll in \systemroot\System32. You can customize the filter by providing a custom Scecli.dll file, either by creating one yourself, which requires programming ability, or by acquiring one from a third-party vendor.
Miss a column?
Check out the Windows 2000 Professional archive, and catch up on all the W2K Pro columns.
Want more Win2K tips and tricks? Automatically sign up for our free Windows 2000 Professional newsletter, delivered each Tuesday!