Strangenut

How to edit the password policy on Windows Server 2008 R2 with Active Directory

When setting up a new Windows Server 2008 server either with or without Active Directory you will discover that it has a rather strong policy for passwords.  If you are setting this up at home or in a small business environment and don't want to deal with the complex passwords that are required to meet the policy guidelines, you can edit the policy to disable the complexity requirements.  You can try going to a command prompt and typing 'gpedit.msc' then navigating to Computer Settings\Windows Settings\Security Settings\Account Policies\Password Policy\ section.

Here you will see the 'Password must meet complexity requirements' item.  When viewing the properties of it, usually the Enabled/Disabled radio buttons will be grayed out and you cannot change the values.  If they are able to be changed, go ahead and do it, and save out of the dialog boxes.  If it is grayed out and you cannot change it here, this is how you do it:

  1. Go to a command prompt
  2. Type 'secedit /export /cfg c:\local.cfg' and hit enter
  3. Using notepad, edit c:\local.cfg
  4. Look for the line "PasswordComplexity = 1" and change it to "PasswordComplexity = 0"
  5. You can also edit "MinimumPasswordLength = 7" to a lesser value if you like.
  6. Save the file
  7. At a command prompt type 'secedit /configure /db %windir%\security\local.sdb /cfg c:\local.cfg /areas SECURITYPOLICY
  8. This will apply the new settings and refreshing the gpedit.msc should reflect the new settings
  9. Set your new less complex password!

Posted Jul 03 2010, 02:14 PM by dacrowlah
Powered by Community Server (Non-Commercial Edition), by Telligent Systems