Solved

Cannot disable password complexity requirements in Windows Server 2003

Posted on 2004-04-02
7
3,599 Views
Last Modified: 2010-05-18
I've successfully installed Windows Server 2003 as a Domain Controller, App Server, and DNS server (single machine).  When I tried to create the first user account (me), the password I was using was not complex enough.  I went in to the Default Domain Policy and edited the Computer Configuration Security Settings.  I set all of the password information to "Not Defined" or "Disabled" and saw no change in the ability to use a less that secure password.  I also set minimal requirements on the password restrictions and that didn't work.  The only way I was able to enter a simple password was to disable the Computer Configuration piece of the Policy.  Am I missing something here?  Is there a registry setting overriding the policy?  Was it an update patch I've installed...or not installed?

Thanks.

ST3
0
Comment
Question by:slaroche
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 10746319
Is this related? http://support.microsoft.com/?kbid=821425

What's the exact error message you're seeing?
0
 
LVL 5

Expert Comment

by:Droby10
ID: 10748090
a few comments.  first, did you reboot between policy changes?  password filters are initialized and loaded into lsa process space at boot and locked until shutdown; as is the use of it/them for password validation.

you might also look at your [HKLM\System\CurrentControlSet\Control\Lsa@Security Packages] value.  passflt should not be present, after you disable complexity, but odder things have happened.  if it is there, then remove it (be aware it's a multi_sz value).  reboot.  and then give it another go.

0
 

Author Comment

by:slaroche
ID: 10754548
I went in and set all of the password policy settings to "Not Defined" and rebooted the machine.  I still get the message:  Windows cannot complete the password change for "user" because: The password does not meet the password policy requirements.  Check the minimum password length, password complexity and password history requirements.

I also verified that the only value in the registry key you identified is the following:

kerberos
msv1_0
schannel
wdigest

So, I don't know.  I've made the changes in Administrative Tools>Default Domain Security Settings>Account Policies>Password Policy...everything in there shows Not Defined.

Any other ideas?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 5

Accepted Solution

by:
Droby10 earned 250 total points
ID: 10754802
sorry wrong key, it should be under notification packages rather than security packages.

verify with the following list.

RASSFM
KDCSVC
WDIGEST
scecli
0
 

Author Comment

by:slaroche
ID: 10762307
I have those and only those values in the Notification Packages.  Could there be a patch that I applied or did not apply.  I've done all of the critical updates.  
0
 
LVL 20

Expert Comment

by:What90
ID: 10829990
Here's a link to someone with the same problem and how they fixed it:
http://www.experts-exchange.com/Operating_Systems/Q_20930511.html
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question