Enforcing Password Complexity

rickbennett · ‎03-02-2009

I have setup my Cisco ASA 5500 for SSL VPN access. After much digging for information, I have managed to setup the authentication for end users to a Microsoft IAS Server which in turns is linked to their active directory account. I have also managed to get password changing through the web interface working, however, I do have a problem. I want to enforce password complexity for the end users when changing their passwords through the SSL VPN, but I am unable to get this working. If anyone has any information on how to get this working, it would be greatly appreciated. Thanks.

smalkeric · ‎03-06-2009

Enforcing password complexity takes effect only when the user changes passwords; for example, when you have configured Enforce password change at next login or Password expires in n days. At login, the user receives a prompt to enter a new password, and the system will accept only a complex password.

rickbennett · ‎03-06-2009

Yes, this might be true for machines that belong to our organization. However, I have to provide VPN access for external consultants that are working on projects for us, and their machines are not part of our domain. In the group policy, the force password complexity is part of the Computer Configuration, and not the User Configuration. I have tried enabling it, and even testing with one of my own machines, but the password complexity is not enforced.