It's possible to enforce more difficult password rules using another password dll..
Available from mikeysoft, but U have to compile this yourself.
(i can't find the link rightaway but it's available from technet.com)
It's not perfect.. but it sure does work.

Our users now have to use at least 3 types of char's (with at least one number) with a length of 12 chars

Seems pretty secure ..