Server 2008 R2 – Disable Password Complexity

Problem

If you are unsure what password complexity is click here. Bear in mind that it’s there for valid security reason, the more complex your passwords are, the more secure your network is. However the vast majority of users can even remember where they saved their last Word document, never mind a complex password that changes every 30 days.

If your data is not the sort of data that Tom Cruise would abseil down from a sky light to steal, and more like the kind of data that’s mundane and uninteresting, then security might not be your greatest concern.00001s

Solution-01

You’re looking to change the password complexity setting you found in the “Default Domain Policy”, not the local group policy. Then do a “gpupdate” and you’ll see the change take effect.

Open Group Policy Management Console (Start / Run / GPMC.MSC), open the Domain, and right-click and Edit the “Default Domain Policy”. Then dig into the “Computer Configuration”, “Windows Settings”, “Security Settings”, “Account Policies”, and modify the password complexity requirements setting.

Solution – Local Group Policy

1. Click “Start” menu on the lower right corner of your desktop, and then go to “Run”.

2. Input “gpedit.msc” (without quotations). Then it appears the Group Policy box.

3. Select “Computer Configuration” under the directory of “Group Policy”, and hit “Local Computer Policy”, and then “Computer Configuration-Windows Settings–Security Settings–Password Policy”.

4. Find in the box “Password must meet complexity requirements”, and then set it as “Disable”.

5.Look for the line “ length” and set it as “0 characters”. If it shows “6 characters” by default, it means your new password should consist of at least 6 words.

6. Set “Minimum password age” as “o days”.

7. Set “Enforce password history” as “o days”.

8. After we finished the above settings,Open CMD and  input “gpupdate/force” to force it to refresh group policy.

Solution-02

Note: Prior to Server 2008 (that’ll be Server 2003 and earlier then) you could only have one password policy, and this applies to the entire domain. To get multiple password policies in older domains you had to create “sub-domains”. With 2008 you can have different password polices, I’m assuming if you have the knowledge of how to create fine grained password policies, then you wont be reading this anyhow, for everyone else there’s Mastercard – well that, and the default domain policy.

1. On a domain controller , Start > Administrative Tools > Group Policy Management > Expand Forest > Domains > {your domain name} > Right click Default Domain Policy > Edit.

2. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy > “Password must meet complexity requirements”.00002s

Note some other policies may be of use here – like password length password history etc.

3. Change the policy definition to “Disabled” (note just un ticking the “Define this policy setting” will NOT work) > Apply > OK > Exit the group policy management console.00003s

4. To refresh the policy > Start > cmd > issue the following command,

gpupdate /force

00004s

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s