Solved

Cannot disable password complexity requirements in Windows Server 2003

Posted on 2004-04-02
7
3,574 Views
Last Modified: 2010-05-18
I've successfully installed Windows Server 2003 as a Domain Controller, App Server, and DNS server (single machine).  When I tried to create the first user account (me), the password I was using was not complex enough.  I went in to the Default Domain Policy and edited the Computer Configuration Security Settings.  I set all of the password information to "Not Defined" or "Disabled" and saw no change in the ability to use a less that secure password.  I also set minimal requirements on the password restrictions and that didn't work.  The only way I was able to enter a simple password was to disable the Computer Configuration piece of the Policy.  Am I missing something here?  Is there a registry setting overriding the policy?  Was it an update patch I've installed...or not installed?

Thanks.

ST3
0
Comment
Question by:slaroche
7 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 10746319
Is this related? http://support.microsoft.com/?kbid=821425

What's the exact error message you're seeing?
0
 
LVL 5

Expert Comment

by:Droby10
ID: 10748090
a few comments.  first, did you reboot between policy changes?  password filters are initialized and loaded into lsa process space at boot and locked until shutdown; as is the use of it/them for password validation.

you might also look at your [HKLM\System\CurrentControlSet\Control\Lsa@Security Packages] value.  passflt should not be present, after you disable complexity, but odder things have happened.  if it is there, then remove it (be aware it's a multi_sz value).  reboot.  and then give it another go.

0
 

Author Comment

by:slaroche
ID: 10754548
I went in and set all of the password policy settings to "Not Defined" and rebooted the machine.  I still get the message:  Windows cannot complete the password change for "user" because: The password does not meet the password policy requirements.  Check the minimum password length, password complexity and password history requirements.

I also verified that the only value in the registry key you identified is the following:

kerberos
msv1_0
schannel
wdigest

So, I don't know.  I've made the changes in Administrative Tools>Default Domain Security Settings>Account Policies>Password Policy...everything in there shows Not Defined.

Any other ideas?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 5

Accepted Solution

by:
Droby10 earned 250 total points
ID: 10754802
sorry wrong key, it should be under notification packages rather than security packages.

verify with the following list.

RASSFM
KDCSVC
WDIGEST
scecli
0
 

Author Comment

by:slaroche
ID: 10762307
I have those and only those values in the Notification Packages.  Could there be a patch that I applied or did not apply.  I've done all of the critical updates.  
0
 
LVL 20

Expert Comment

by:What90
ID: 10829990
Here's a link to someone with the same problem and how they fixed it:
http://www.experts-exchange.com/Operating_Systems/Q_20930511.html
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now