Solved

Windows 2012 Foundation Server - How to stop Administrator password from expiring?

Posted on 2014-02-25
4
1,226 Views
Last Modified: 2014-08-12
Having installed a few Windows 2012 Foundation servers I would like to somehow stop the administrator's password from expiring and restore the original password.
I've tried using the GP Management console and editing the Default Domain Policies, Windows Settings, Security Settings, Account Policy, Password Policy, and Disabling all of the entries there.  Then I did a gpupdate /force.
But when I try to change the administrator password using Ctrl-Alt-Del it tells me "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain."
I even tried to do this using the AD Administrative Center and adding a new Password Setting entry but that didn't work either.

I would like to change the administrator's password back to what it was before it expired and then to disable only the administrator's password from expiring.

Thank you.
0
Comment
Question by:FADugach
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 31

Expert Comment

by:Frosty555
ID: 39886307
Domain controllers often have additional group policies applied which overrides the default domain policy. By default I'm pretty sure there is a "Default Domain Controllers Policy" where this information is set.

Open a command prompt window as Administrator, and run "gpresult /r". This will show you all of the policies applied to the computer both under the Computer Settings context, and the User Settings context. You'll also get information about what security groups the computer and the logged in user belongs to.

You'll need to look inside of those policies to determine which one is enforcing password complexity / history on your domain controller.
0
 

Author Comment

by:FADugach
ID: 39886390
Thanks for your quick reply. I've attached the results of the gpresults /r in a text file.
I thought that my changes would encompass all of the security groups??
Are you saying that I have to edit every one of these groups?
This is an out of the box Foundation server with about a week's worth of customization for a local domain??
Thank you.
Admin-Password-GPResult-R.txt
0
 
LVL 54

Accepted Solution

by:
McKnife earned 500 total points
ID: 39898726
Your results show that two policies are effective. One of them has password settings. Simply run rsop.msc on your DC and look which of the two has them set.
But: if you make out what policy it is, you cannot simply tune it - all domain accounts (as those passwords reside on the DC alone) will be affected!

So please think about if you really need to change it back to the original value and not leave it with another pw. The expiry requirement is simple to override, look at the following picture:
Screenshot
0
 

Author Closing Comment

by:FADugach
ID: 40256927
Thank you and sorry for the delay.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
server plus 2 124
Changing Passwords for  Windows and Linux servers  in bulk 7 86
UAC Controls - confused 9 103
semaphore timeout period has expired 1 32
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question