Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cannot disable password complexity requirements in Windows Server 2003

Posted on 2004-04-02
7
Medium Priority
?
3,625 Views
Last Modified: 2010-05-18
I've successfully installed Windows Server 2003 as a Domain Controller, App Server, and DNS server (single machine).  When I tried to create the first user account (me), the password I was using was not complex enough.  I went in to the Default Domain Policy and edited the Computer Configuration Security Settings.  I set all of the password information to "Not Defined" or "Disabled" and saw no change in the ability to use a less that secure password.  I also set minimal requirements on the password restrictions and that didn't work.  The only way I was able to enter a simple password was to disable the Computer Configuration piece of the Policy.  Am I missing something here?  Is there a registry setting overriding the policy?  Was it an update patch I've installed...or not installed?

Thanks.

ST3
0
Comment
Question by:slaroche
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 10746319
Is this related? http://support.microsoft.com/?kbid=821425

What's the exact error message you're seeing?
0
 
LVL 5

Expert Comment

by:Droby10
ID: 10748090
a few comments.  first, did you reboot between policy changes?  password filters are initialized and loaded into lsa process space at boot and locked until shutdown; as is the use of it/them for password validation.

you might also look at your [HKLM\System\CurrentControlSet\Control\Lsa@Security Packages] value.  passflt should not be present, after you disable complexity, but odder things have happened.  if it is there, then remove it (be aware it's a multi_sz value).  reboot.  and then give it another go.

0
 

Author Comment

by:slaroche
ID: 10754548
I went in and set all of the password policy settings to "Not Defined" and rebooted the machine.  I still get the message:  Windows cannot complete the password change for "user" because: The password does not meet the password policy requirements.  Check the minimum password length, password complexity and password history requirements.

I also verified that the only value in the registry key you identified is the following:

kerberos
msv1_0
schannel
wdigest

So, I don't know.  I've made the changes in Administrative Tools>Default Domain Security Settings>Account Policies>Password Policy...everything in there shows Not Defined.

Any other ideas?
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 5

Accepted Solution

by:
Droby10 earned 750 total points
ID: 10754802
sorry wrong key, it should be under notification packages rather than security packages.

verify with the following list.

RASSFM
KDCSVC
WDIGEST
scecli
0
 

Author Comment

by:slaroche
ID: 10762307
I have those and only those values in the Notification Packages.  Could there be a patch that I applied or did not apply.  I've done all of the critical updates.  
0
 
LVL 20

Expert Comment

by:What90
ID: 10829990
Here's a link to someone with the same problem and how they fixed it:
http://www.experts-exchange.com/Operating_Systems/Q_20930511.html
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question