Solved

Cannot disable password complexity requirements in Windows Server 2003

Posted on 2004-04-02
7
3,593 Views
Last Modified: 2010-05-18
I've successfully installed Windows Server 2003 as a Domain Controller, App Server, and DNS server (single machine).  When I tried to create the first user account (me), the password I was using was not complex enough.  I went in to the Default Domain Policy and edited the Computer Configuration Security Settings.  I set all of the password information to "Not Defined" or "Disabled" and saw no change in the ability to use a less that secure password.  I also set minimal requirements on the password restrictions and that didn't work.  The only way I was able to enter a simple password was to disable the Computer Configuration piece of the Policy.  Am I missing something here?  Is there a registry setting overriding the policy?  Was it an update patch I've installed...or not installed?

Thanks.

ST3
0
Comment
Question by:slaroche
7 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 10746319
Is this related? http://support.microsoft.com/?kbid=821425

What's the exact error message you're seeing?
0
 
LVL 5

Expert Comment

by:Droby10
ID: 10748090
a few comments.  first, did you reboot between policy changes?  password filters are initialized and loaded into lsa process space at boot and locked until shutdown; as is the use of it/them for password validation.

you might also look at your [HKLM\System\CurrentControlSet\Control\Lsa@Security Packages] value.  passflt should not be present, after you disable complexity, but odder things have happened.  if it is there, then remove it (be aware it's a multi_sz value).  reboot.  and then give it another go.

0
 

Author Comment

by:slaroche
ID: 10754548
I went in and set all of the password policy settings to "Not Defined" and rebooted the machine.  I still get the message:  Windows cannot complete the password change for "user" because: The password does not meet the password policy requirements.  Check the minimum password length, password complexity and password history requirements.

I also verified that the only value in the registry key you identified is the following:

kerberos
msv1_0
schannel
wdigest

So, I don't know.  I've made the changes in Administrative Tools>Default Domain Security Settings>Account Policies>Password Policy...everything in there shows Not Defined.

Any other ideas?
0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 
LVL 5

Accepted Solution

by:
Droby10 earned 250 total points
ID: 10754802
sorry wrong key, it should be under notification packages rather than security packages.

verify with the following list.

RASSFM
KDCSVC
WDIGEST
scecli
0
 

Author Comment

by:slaroche
ID: 10762307
I have those and only those values in the Notification Packages.  Could there be a patch that I applied or did not apply.  I've done all of the critical updates.  
0
 
LVL 20

Expert Comment

by:What90
ID: 10829990
Here's a link to someone with the same problem and how they fixed it:
http://www.experts-exchange.com/Operating_Systems/Q_20930511.html
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question