Account Policy on New User Not Enforced

• Microsoft Windows NT operating system version 3.1
• Microsoft Windows NT Advanced Server version 3.1

SYMPTOMS

Windows NT and Windows NT Advanced Server do not enforce account policy of minimum password length restriction to new users created from the User Manager. The behavior is different in Windows NT and Windows NT Advanced Server as follows:

If the account policy is made so that the minimum password length must be at least five characters:

• On a Windows NT Advanced Server machine:



• If a new user is created from the User Manager for domains with just the option of "User Must Change Password at Next Logon," any password of fewer than five characters is accepted. The user can logon with this invalid password and the subsequent password follows the account policy and prompts if the password length is less than five characters.



• If the new user is created with the remaining options of Password Never Expires or Password Cannot Be Changed, the account policy is enforced by prompting for a password of at least five characters.



• On a Windows NT machine, a user can be created from User Manager with any of the following options and it accepts a password with fewer characters than the minimum password length, thereby not following the account policy:



• "User Must Change Password at Next Logon"



• Password Never Expires



• Password Cannot Be Changed

STATUS

Microsoft has confirmed this to be a problem in Windows NT and Windows NT Advanced Server version 3.1. We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.

Additional query words: prodnt

Keywords : kbnetwork
Version : 3.1
Platform : WINDOWS
Issue type :