Windows Server 2008 – Password Policy Complexity
- Not contain the user’s account name or parts of the user’s full name that exceed two consecutive characters
- Be at least six characters in length
- Complexity requirements are enforced when passwords are changed or created.
- Contain characters from three of the following four categories:
English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphabetic characters (for example, !, $, #, %)
Enabled on domain controllers.
Disabled on stand-alone servers.
Note: By default, member computers follow the configuration of their domain controllers.