The built-in Microsoft password filter is not enabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-1150	3.028	SV-29685r1_rule	IAIA-1 IAIA-2	Low

Description
The use of complex passwords increases their strength against guessing. This policy setting configures the system to verify that newly-created passwords conform to the Windows password complexity policy.

STIG	Date
Windows 2008 Member Server Security Technical Implementation Guide	2015-03-09

Details

Check Text ( C-32937r1_chk )
Analyze the system using the Security Configuration and Analysis snap-in. Expand the Security Configuration and Analysis tree view. Navigate to Account Policies -> Password Policy. If the value for “Password must meet complexity requirements” is not set to "Enabled", then this is a finding. Note: If the site is using a password filter that requires this setting be set to “Disabled” for the filter code to be used, then this would not be considered a finding. If this setting does not affect the use of an external password filter, it will be enabled for fall-back purposes.

Check Text ( C-32937r1_chk )

Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Account Policies -> Password Policy.

If the value for “Password must meet complexity requirements” is not set to "Enabled", then this is a finding.

Note: If the site is using a password filter that requires this setting be set to “Disabled” for the filter code to be used, then this would not be considered a finding. If this setting does not affect the use of an external password filter, it will be enabled for fall-back purposes.

Fix Text (F-28809r1_fix)
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy -> “Password must meet complexity requirements” to "Enabled".