[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1321
  • Last Modified:

Windows 2012 Foundation Server - How to stop Administrator password from expiring?

Having installed a few Windows 2012 Foundation servers I would like to somehow stop the administrator's password from expiring and restore the original password.
I've tried using the GP Management console and editing the Default Domain Policies, Windows Settings, Security Settings, Account Policy, Password Policy, and Disabling all of the entries there.  Then I did a gpupdate /force.
But when I try to change the administrator password using Ctrl-Alt-Del it tells me "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain."
I even tried to do this using the AD Administrative Center and adding a new Password Setting entry but that didn't work either.

I would like to change the administrator's password back to what it was before it expired and then to disable only the administrator's password from expiring.

Thank you.
0
FADugach
Asked:
FADugach
  • 2
1 Solution
 
Frosty555Commented:
Domain controllers often have additional group policies applied which overrides the default domain policy. By default I'm pretty sure there is a "Default Domain Controllers Policy" where this information is set.

Open a command prompt window as Administrator, and run "gpresult /r". This will show you all of the policies applied to the computer both under the Computer Settings context, and the User Settings context. You'll also get information about what security groups the computer and the logged in user belongs to.

You'll need to look inside of those policies to determine which one is enforcing password complexity / history on your domain controller.
0
 
FADugachOwnerAuthor Commented:
Thanks for your quick reply. I've attached the results of the gpresults /r in a text file.
I thought that my changes would encompass all of the security groups??
Are you saying that I have to edit every one of these groups?
This is an out of the box Foundation server with about a week's worth of customization for a local domain??
Thank you.
Admin-Password-GPResult-R.txt
0
 
McKnifeCommented:
Your results show that two policies are effective. One of them has password settings. Simply run rsop.msc on your DC and look which of the two has them set.
But: if you make out what policy it is, you cannot simply tune it - all domain accounts (as those passwords reside on the DC alone) will be affected!

So please think about if you really need to change it back to the original value and not leave it with another pw. The expiry requirement is simple to override, look at the following picture:
Screenshot
0
 
FADugachOwnerAuthor Commented:
Thank you and sorry for the delay.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now