Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

users can't change password, doesn't meet complexity - but does

Posted on 2013-01-28
10
Medium Priority
?
17,647 Views
Last Modified: 2013-01-29
Greetings,

users get an error stating passwords don't meet complexity when manually changing  through ctrl+alt+delete, but they do. I can change in AD on server, but not at workstation with same password. Very aggravating. Multiple emails and calls from users regarding this so need some help. Searched online but found nothing pertinent yet.

Win 2003 SP2 PDC; XP Pro and Win 7 Pro desktops / laptops

THANKS!
0
Comment
Question by:rpliner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 7

Expert Comment

by:avcontrol
ID: 38827061
Win XP have issue update AD policy unless WinXP station log off/login/restart............while Win 7 does not.
Not sure if this is the issue, but yes there should be no issue as you described.
0
 
LVL 7

Expert Comment

by:mmicha
ID: 38827081
You might want to take a peak at your Default Domain Policy.  Check your account details and make sure that "Password must meet complexity requirements" is not enabled.

This link: http://technet.microsoft.com/en-us/library/cc875814.aspx   ...  has details on where to look to find it.  It may also be present in another GPO, but a lot of the time it is in the default domain policy.
0
 
LVL 9

Expert Comment

by:TunerML
ID: 38827139
I also believe by default users can't reuse passwords even if the meet complexity requirements as per the default domain policy settings, this may also be contributing to the issue.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 7

Author Comment

by:rpliner
ID: 38827159
Thanks for the quick replies. I'll have the user restart then login and try. I'll also make certain it's not a reused password. We want complexity enabled, and has been for a while now, but just started not allowing manually changing through ctrl alt delete.

Thx again
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38827374
Hi,

Don't forget that password complexity have many constraint that we usually don't remember of....

As an example:
The password can not contain the lastname
The password can not contain the firstname
The password can not contain the loginname

So if my login is "johndoe" the password @%$johndoe123@§§!! will be refused, even if it looks a bit complex !!

Also, if you just have changed the password of the user and did not check the box "the user must change the password of next logon" and if you have a minimum password age policy your user won't be able to change its password whatever the password is... That's in fact normal because the password can not be changed before the minimum password age...

So, that was just to say that there are many reason for the password change to fail with this message saying the password doesn't comply with the complexity requirements...

Until now I never have seen a case that can not be explained by the policy settings. You just have to find the policy that prohibit the change.

Have a good day.
0
 
LVL 7

Author Comment

by:rpliner
ID: 38827423
thanks PaciB. the password used for testing was 12345Qwerty! and was never used before. I checked AD and the user account does not have user cannot change password ticked. our policy, under Default Domain Security Settings, is as such:

PW history = 2 days

max PW age = 90

min PW age = 2

min PW length = 6

complexity = enabled

rvs encryption = disabled

Thanks
0
 
LVL 16

Accepted Solution

by:
Bruno PACI earned 1400 total points
ID: 38827450
Ok,

I see that the min PW age is 2 days.
So if you already changed the user password more recently than 2 days the user can not rechanged it and will receive the message saying the password does not meet complexity requirements.
This is true also if an admin reset the password for the user ! The user won't be able to rechange it before 2 days.
If you wan't the user to change the password immediately you have to check the box "the user must change password at next logon". Try it and see if you can set the password you want.
0
 
LVL 5

Assisted Solution

by:msallam
msallam earned 600 total points
ID: 38827452
The password minimum age is 2 days. You cannot change it before 2 days.
It seems this is the issue.
0
 
LVL 7

Author Comment

by:rpliner
ID: 38827493
I will confirm he did not change it within the last two days, try again, and then report back.

thanks
0
 
LVL 7

Author Closing Comment

by:rpliner
ID: 38831277
thanks. worked today.
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question