Minor disagreement in the office. We have complex passwords set, and one person seems to think that the reasons passwords aren't being changed is because the users are using parts of thier name in the password. Can you all point me to the right place to find out exactly how complex passwords work.

Complex passwords have three requirements: 1. Passwords must be at least six characters long. 2. Passwords may not contain your user name or any part of your full name. 3. Passwords must contain characters from at least three of the following four classes: a. English Uppercase letters b. English Lowercase letters c. Numerals 0,1,2,3, etc. through 9. d. Special characters, ie punctuation marks, !,#,@,$,% etc.

Is this just guidance or fact? The problem is that some users can change the password and use thier name and some can't. I really need to know if it is checking for the user name. Thanks,

Hmmm....Jennifer is exactly right....and this is fact, not guidance. If your users are able to use all or part of their real/user name then you don't have the complex passwords enabled correctly. Is this in a domain environment or local on the PC's themselves?

Ann, I gave you the Security Policy requirements for Complex passwords. I didn't give you a guide to complex passwords...