Server 2003: Password. moving capital letter not accepted

[Guest Jason]

We have a server 2003 AD environment, with the usual security policies in

places (length, complexity, minimum age, etc).

 

When a user tries to change a password by moving the capital, it does not

work, but changing one character does.

eg:

 

Fred1234 will not change to fRed1234 but will change to Fred1235

 

Why does the system not take the change? Why is the moving capital (2

changes in the previous password) not taken, while the changing character (1

change) is?

[Guest Alun Jones]

"Jason" <Jason@discussions.microsoft.com> wrote in message

news:56F5F411-F4DA-4405-B8F6-0B39E3DD2C51@microsoft.com...<span style="color:blue">

> We have a server 2003 AD environment, with the usual security policies in

> places (length, complexity, minimum age, etc).

>

> When a user tries to change a password by moving the capital, it does not

> work, but changing one character does.

> eg:

>

> Fred1234 will not change to fRed1234 but will change to Fred1235

>

> Why does the system not take the change? Why is the moving capital (2

> changes in the previous password) not taken, while the changing character

> (1

> change) is?</span>

 

Because LM hashes ignore case when comparing two passwords.

 

Both of the suggested password 'changes' you've noted above are examples of

things _not_ to do. One of them can be easily and automatically caught, the

other is harder to check for (but you can create or buy custom password

filters to do the job for you), but they're both bad. Don't use either

technique when your password expires - choose a new pass phrase, completely

different from the old one; absolutely unrelated to any previous password.

 

Alun.

~~~~

--

Texas Imperial Software | Web: http://www.wftpd.com/

23921 57th Ave SE | Blog: http://msmvps.com/alunj/

Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.

Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.