Link to home
Create AccountLog in
Avatar of Sirec
Sirec

asked on

Windows Server 2008 R2 - Cannot disable password complexity

Hi all,

The problem we're having is that even though the password complexity via the default group policy is disabled, users are still being prompted with the message “Unable to update the password.  The value provided for the new password does not meet the length, complexity, or history requirements of the domain”

Windows settings > Security settings > Account Policies/Password policies:
Enforce password history - NOT DEFINED
Maximum password age - NOT DEFINED
Minimum password age - NOT DEFINED
Minimum password length - NOT DEFINED
Password must meet complexity requirements - DISABLED
Store passwords using reversible encryption - DISABLED

I cannot see any other policy enforcing the password complexity and I am now stuck.

Forcing GP update on client machine / rebooting server doe not work.

Please help! Any suggestions would be welcomed.

Many thanks in advance.
Avatar of haxxy
haxxy
Flag of Romania image

Is your server in a domain?
If it is then you need to modify the domain policy that is applied to that server
Avatar of Sirec
Sirec

ASKER

The server is a domain controller. I have checked policy and again, already disabled :(
Avatar of Darius Ghassem
Did you check Active Directory Policy? If you are going to gpedit.msc this is the local policy for the server please use Group Policy management console go into here and configure the password policy.
Avatar of Sirec

ASKER

Hi,

Yes I am definitely using the group policy management console and the password complexity is disabled for sure. Perhaps a reset of some sort?
ASKER CERTIFIED SOLUTION
Avatar of Darius Ghassem
Darius Ghassem
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of Sirec

ASKER

Gpresult:

USER SETTINGS
--------------
    CN=test,OU=ServiceAccounts,OU=Users,OU=xxxxxx,DC=xxxxxx,DC=local
    Last time Group Policy was applied: 15/02/2013 at 08:45:45
    Group Policy was applied from:      xxxx.xxxxxx.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        xxxxxx
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        User security policy
        Folder Redirection
        Shortcuts On Desktop

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        User security policy
            Filtering:  Disabled (Link)

        Default Domain Policy
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Windows Updates
            Filtering:  Not Applied (Empty)

        Remote Desktop
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Roaming and redirection
        Medium Mandatory Level

I have checked the 3 applied policies in Group Policy Management and they all have 'No Settings Defined' under 'Computer Configuration'

I have checked Gpedit.msc and I can confirm the password complexity is disabled.

Thanks for your help!
Avatar of Sirec

ASKER

I know its a strange one and is very frustrating. Can anyone help please?
Avatar of Sirec

ASKER

Maybe because the default domain policy not being applied and therefore any changes I make will also not be applied?

i.e.
Local Group Policy
Filtering:  Not Applied (Empty)

Of the 3 applied policies as stated above, I may just enable the password complexity to test.

Any suggestions are welcomed guys.

Thanks
I would enabled it see what happens