slaroche
asked on
Cannot disable password complexity requirements in Windows Server 2003
I've successfully installed Windows Server 2003 as a Domain Controller, App Server, and DNS server (single machine). When I tried to create the first user account (me), the password I was using was not complex enough. I went in to the Default Domain Policy and edited the Computer Configuration Security Settings. I set all of the password information to "Not Defined" or "Disabled" and saw no change in the ability to use a less that secure password. I also set minimal requirements on the password restrictions and that didn't work. The only way I was able to enter a simple password was to disable the Computer Configuration piece of the Policy. Am I missing something here? Is there a registry setting overriding the policy? Was it an update patch I've installed...or not installed?
Thanks.
ST3
Thanks.
ST3
a few comments. first, did you reboot between policy changes? password filters are initialized and loaded into lsa process space at boot and locked until shutdown; as is the use of it/them for password validation.
you might also look at your [HKLM\System\CurrentContro lSet\Contr ol\Lsa@Sec urity Packages] value. passflt should not be present, after you disable complexity, but odder things have happened. if it is there, then remove it (be aware it's a multi_sz value). reboot. and then give it another go.
you might also look at your [HKLM\System\CurrentContro
ASKER
I went in and set all of the password policy settings to "Not Defined" and rebooted the machine. I still get the message: Windows cannot complete the password change for "user" because: The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
I also verified that the only value in the registry key you identified is the following:
kerberos
msv1_0
schannel
wdigest
So, I don't know. I've made the changes in Administrative Tools>Default Domain Security Settings>Account Policies>Password Policy...everything in there shows Not Defined.
Any other ideas?
I also verified that the only value in the registry key you identified is the following:
kerberos
msv1_0
schannel
wdigest
So, I don't know. I've made the changes in Administrative Tools>Default Domain Security Settings>Account Policies>Password Policy...everything in there shows Not Defined.
Any other ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have those and only those values in the Notification Packages. Could there be a patch that I applied or did not apply. I've done all of the critical updates.
Here's a link to someone with the same problem and how they fixed it:
https://www.experts-exchange.com/questions/20930511/Windows-2003-Server-Domain-Group-Password-Policy.html
https://www.experts-exchange.com/questions/20930511/Windows-2003-Server-Domain-Group-Password-Policy.html
What's the exact error message you're seeing?