Password must meet complexity requirement

This security setting determines whether passwords must meet complexity requirements.
If this policy is enabled, passwords must meet the following minimum requirements: 

  • Not contain the user's account name or parts of the user's full name that exceed two consecutive characters 
  • Be at least six characters in length 
  • Contain characters from three of the following four categories: 
    • English uppercase characters (A through Z) 
    • English lowercase characters (a through z) 
    • Base 10 digits (0 through 9) 
    • Non-alphabetic characters (for example, !, $, #, %) 

Complexity requirements are enforced when passwords are changed or created.
Note: By default, member computers follow the configuration of their domain controllers.

Policy path: 

Computer Configuration\Windows Settings\Account Policies\Password Policy


Enabled on domain controllers. Disabled on stand-alone servers.

Supported on: 

At least Windows XP SP2, Windows Server 2003

Registry settings: 

Password Policy security settings are not registry keys.

Reboot required: 


Related content