
Windows 2000 and 2003 Password Complexity

By default, Windows 2003 Server requires user passwords to meet a minimum set of complexity requirements, including a minimum password length. A lot of people like short, simple, easy to remember passwords, and these just won't work in a Windows 2003 Server domain unless this option is disabled. Disabling these features allows administrators and users to choose any password. Disabling this feature is stupid in my not so humble opinion, so I won't show you how to disable it :)

However, if you are managing a Windows 2000 domain this is not the default configuration. You can use this information to implement password complexity, and I guess you could use this information to disable it. Just don't email me when your network is compromised due to lousy passwords. Log on to a domain controller and run DSA.msc from the Run box. Drill down to your domain and right-click the domain name. Click Properties and then click the Group Policy tab. Highlight the Default Domain Policy and click Edit.

Drill down through Computer Configuration | Windows Settings | Account Policies | Password Policy. The right pane will detail the requirements for a complex password.

Here is where you can make the changes to the password policy.

  • Enforce Password History - 0 to 24 Passwords - This setting determines the number of old passwords to remember before a user can re-use a password. This policy allows an administrator to ensure that old passwords are not reused continually. The default is 24.
  • Maximum Password Age - 0 to 998 days - This setting determines the number of days that a password can be used before the user is required to change it. The default is 42 but anywhere from 30 to 60 days is a recommended setting.
  • Minimum Password Age - 0 to 998 days - This setting determines the number of days that a password must be used before the user is allowed to change it. This must be less than the Maximum Password Age. A setting of 1 less than the maximum password age is recommended. This, combined with Enforce Password History, will prevent users from changing back to their old password the next day.
  • Minimum Password Length - 1 to 14 characters - This setting determines the least number of characters that a user password must use. 7 or higher is recommended.
  • Password Must Meet Complexity Requirements - This setting, when enabled, determines whether passwords must meet complexity requirements. Enabling this is highly recommended. Complexity Requirements are as follows:
      - Cannot contain all or part of the username
      - Must be at least 6 characters long
      - Must contain characters from 3 of the 4 following groups:
          - A to Z
          - a to z
          - 0 to 9
          - Special characters, i.e. ! ^ $ *
  • Store Passwords Using Reversible Encryption - This setting, when enabled, determines whether the operating system stores passwords using reversible encryption. Storing passwords using reversible encryption is virtually the same as storing them in plain text, as the encryption can be removed. It is NOT recommended to enable this except in extreme instances where it is absolutely required.
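To see what the complexity filter above actually accepts and rejects, here is an added Python checker that applies the three rules as the post states them (it is not part of the original post and not Microsoft's filter code). It assumes "part of the username" means the whole account name plus any delimiter-separated token of three or more characters, and treats any printable non-alphanumeric character as "special"; the sample passwords are constructed.

```python
import re
import string

# The four character groups named in the post. "Special" is taken to mean any
# printable non-alphanumeric character (assumption: ! ^ $ * are only examples).
_CLASSES = (
    ("upper", set(string.ascii_uppercase)),
    ("lower", set(string.ascii_lowercase)),
    ("digit", set(string.digits)),
    ("special", set(string.punctuation)),
)


def username_parts(username):
    """Pieces of the username a password must not contain (case-insensitive).
    Assumption: the whole name plus any token of 3+ characters when the name is
    split on spaces, commas, periods, dashes, underscores and pound signs."""
    tokens = re.split(r"[\s.,_\-#]+", username)
    parts = {username.lower()}
    parts.update(t.lower() for t in tokens if len(t) >= 3)
    return parts


def meets_complexity(password, username, min_length=6):
    """Return (ok, reasons) for the post's three rules.
    min_length defaults to the filter's own 6; pass 7 to also enforce the
    Minimum Password Length the post recommends."""
    reasons = []
    lowered = password.lower()
    for part in username_parts(username):
        if part and part in lowered:
            reasons.append("contains username part %r" % part)
            break
    if len(password) < min_length:
        reasons.append("shorter than %d characters" % min_length)
    present = [name for name, chars in _CLASSES if any(c in chars for c in password)]
    if len(present) < 3:
        reasons.append("only %d of 4 character groups (%s)"
                       % (len(present), ", ".join(present) or "none"))
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample passwords: note that "Password1" satisfies the filter,
    # so complexity alone does not guarantee a strong password.
    for pw in ("summer", "Password1", "jsmith!2005", "Tr0ub4dor&3"):
        ok, why = meets_complexity(pw, "jsmith", min_length=7)
        print("%-14s %s %s" % (pw, "PASS" if ok else "FAIL", "; ".join(why)))
```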

If you are managing a Windows 2000 domain you can edit your policy (it's located in the same place) to match the recommended settings and take advantage of this security feature. When a new user is created, or when a user changes his/her password, they will be required to use a complex password. Users with current passwords will not be required to set a complex password until their next password change.





Published Tuesday, March 22, 2005 7:44 AM by rodney.buike