nestey
asked on
Can not change complex password setting in server 2016
I am trying todiable the complex password in server 2016.when I navigate to Local Grup Policy Editor - Computer Configuration - Windows Setting - Security Setting - Account Policy - Password Policy The Password must meet complexity requirerments is enabled and grayed out soI am not able to change it?
McKnife
Use rsop.msc to verify which domain policy has set that.
Are these settings set in a GPO that applies to this computer? Group Policy takes precedence over local policy. In this case, the corresponding local group policy option will be grayed out. This is expected behavior.
ASKER
Sorry, I do not usually use policies so not too sure where to go. This is a new domain and I just setup this DC so must be default setting?
ASKER
I am login as the domain admin on the DC below is the results of the gpresult -r
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>gpr
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
© 2016 Microsoft Corporation. All rights reserved.
Created on 12/29/2017 at 3:33:14 PM
RSOP data for OSAIUSA\Administrator on SERVER1 : Logging Mode
--------------------------
OS Configuration: Primary Domain Controller
OS Version: 10.0.14393
Site Name: Default-First-Site-Name
Roaming Profile: N/A
Local Profile: C:\Users\Administrator
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=SERVER1,OU=Domain Controllers,DC=osaiusa,DC=
Last time Group Policy was applied: 12/29/2017 at 3:28:25 PM
Group Policy was applied from: Server1.osaiusa.lan
Group Policy slow link threshold: 500 kbps
Domain Name: OSAIUSA
Domain Type: Windows 2008 or later
Applied Group Policy Objects
--------------------------
Default Domain Controllers Policy
Default Domain Policy
Local Group Policy
The computer is a part of the following security groups
--------------------------
System Mandatory Level
Everyone
BUILTIN\Users
NT AUTHORITY\SERVICE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
BITS
CertPropSvc
DcpSvc
dmwappushservice
DsmSvc
Eaphost
IKEEXT
iphlpsvc
lfsvc
MSiSCSI
NcaSvc
NetSetupSvc
RasAuto
RasMan
RemoteAccess
Schedule
SCPolicySvc
SENS
SessionEnv
SharedAccess
ShellHWDetection
UsoSvc
wercplsupport
Winmgmt
wisvc
wlidsvc
WpnService
wuauserv
LOCAL
BUILTIN\Administrators
USER SETTINGS
--------------
CN=Administrator,CN=Users,
Last time Group Policy was applied: 12/29/2017 at 2:55:14 PM
Group Policy was applied from: Server1.osaiusa.lan
Group Policy slow link threshold: 500 kbps
Domain Name: OSAIUSA
Domain Type: Windows 2008 or later
Applied Group Policy Objects
--------------------------
N/A
The following GPOs were not applied because they were filtered out
--------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
--------------------------
Domain Users
Everyone
BUILTIN\Administrators
BUILTIN\Users
BUILTIN\Pre-Windows 2000 Compatible Access
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Domain Admins
Group Policy Creator Owners
Enterprise Admins
Schema Admins
Authentication authority asserted identity
Denied RODC Password Replication Group
High Mandatory Level
C:\Users\Administrator>
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>gpr
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
© 2016 Microsoft Corporation. All rights reserved.
Created on 12/29/2017 at 3:33:14 PM
RSOP data for OSAIUSA\Administrator on SERVER1 : Logging Mode
--------------------------
OS Configuration: Primary Domain Controller
OS Version: 10.0.14393
Site Name: Default-First-Site-Name
Roaming Profile: N/A
Local Profile: C:\Users\Administrator
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=SERVER1,OU=Domain Controllers,DC=osaiusa,DC=
Last time Group Policy was applied: 12/29/2017 at 3:28:25 PM
Group Policy was applied from: Server1.osaiusa.lan
Group Policy slow link threshold: 500 kbps
Domain Name: OSAIUSA
Domain Type: Windows 2008 or later
Applied Group Policy Objects
--------------------------
Default Domain Controllers Policy
Default Domain Policy
Local Group Policy
The computer is a part of the following security groups
--------------------------
System Mandatory Level
Everyone
BUILTIN\Users
NT AUTHORITY\SERVICE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
BITS
CertPropSvc
DcpSvc
dmwappushservice
DsmSvc
Eaphost
IKEEXT
iphlpsvc
lfsvc
MSiSCSI
NcaSvc
NetSetupSvc
RasAuto
RasMan
RemoteAccess
Schedule
SCPolicySvc
SENS
SessionEnv
SharedAccess
ShellHWDetection
UsoSvc
wercplsupport
Winmgmt
wisvc
wlidsvc
WpnService
wuauserv
LOCAL
BUILTIN\Administrators
USER SETTINGS
--------------
CN=Administrator,CN=Users,
Last time Group Policy was applied: 12/29/2017 at 2:55:14 PM
Group Policy was applied from: Server1.osaiusa.lan
Group Policy slow link threshold: 500 kbps
Domain Name: OSAIUSA
Domain Type: Windows 2008 or later
Applied Group Policy Objects
--------------------------
N/A
The following GPOs were not applied because they were filtered out
--------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
--------------------------
Domain Users
Everyone
BUILTIN\Administrators
BUILTIN\Users
BUILTIN\Pre-Windows 2000 Compatible Access
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Domain Admins
Group Policy Creator Owners
Enterprise Admins
Schema Admins
Authentication authority asserted identity
Denied RODC Password Replication Group
High Mandatory Level
C:\Users\Administrator>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I was able to change the complexity to disable.
While I was there I also set the password length to not defined Default was 7 , now when I try set use a password that is less than 7 characters it gives me a error to check the length?
While I was there I also set the password length to not defined Default was 7 , now when I try set use a password that is less than 7 characters it gives me a error to check the length?
Restart computers twice and try to change the password again. The updated policy should apply on the desktops to start working.
You can open CMD and type: gpupdate /force
Then log off, log back on. If it is not working restart twice.
You can open CMD and type: gpupdate /force
Then log off, log back on. If it is not working restart twice.
ASKER
Hi LVL4
I tried gpupdate /force still looking for 7 characters rebooted pc 2x still the same unable to restart DC at the moment will try that after
I tried gpupdate /force still looking for 7 characters rebooted pc 2x still the same unable to restart DC at the moment will try that after
You should leave the default password length in the GP to 7 characters enabled. If you are not using the GP than god helps you, you have to manage every desktop individually.
ASKER
All set thanks LVL4
Don't forget to close this call
ASKER
Thanks Nick