49

Where do I go to disable the password complexity policy for the domain?

I've logged onto the domain controller (Windows Server 2008) and found the option in local policies which is of course locked from any changes. However I can't find the same sort of policies in the group policy manager. Which nodes do I have to expand out to find it?

Daniel Revell
  • 701
  • 3
  • 7
  • 11

7 Answers7

91

You're looking to change the password complexity setting you found in the "Default Domain Policy", not the local group policy. Then do a "gpupdate" and you'll see the change take effect.

Open Group Policy Management Console (Start / Run / GPMC.MSC), open the Domain, and right-click and Edit the "Default Domain Policy". Then dig into the "Computer Configuration", "Windows Settings", "Security Settings", "Account Policies", and modify the password complexity requirements setting.

Editing the "Default Domain Policy" is definitely a quick-and-dirty thing to do. The better thing to do, once you get a better handle on group policy management, would be to return the default back to default settings and make a new GPO overriding the default with the settings you want. To get you by fast, though, editing the default isn't going to hurt you.

Evan Anderson
  • 141,071
  • 19
  • 191
  • 328
  • 7
    For Server 2008 R2 - On the Default Domain Policy, go on `Computer Configuration` then `Policies`, `Security Settings`, `Account Policy` then double click on `Password must meet password complexity requirement` and disable it. –  Aug 07 '11 at 11:01
  • 4
    Tried to upvote this answer, and found out that I already upvoted it a year ago. Maybe this time I'll learn... – Drew Shafer Sep 22 '14 at 20:21
  • This does not work for Windows 2019 Server. I had to Uncheck the "Define this policy setting" – FLICKER Jul 05 '21 at 01:01
  • tried this and apparently this didn't work as I was still unable to change the password despite complexity requirement was disabled. The culprit was `Minimum password age` set to 1 day (I was trying to revert back to a password changed few hours ago and I thought this was prevented by `Enforce password history`). Set `Minimum password age` to 0 day solved it. – kuma Mar 30 '22 at 22:35
9

I'd also like to point out that in a Windows Server 2008 domain, you can have multiple password policies applied to different OUs; with previous versions of AD, you could only have a single global password policy for each domain.

Massimo
  • 68,714
  • 56
  • 196
  • 319
3

There's also a great article at the Technet site:

http://technet.microsoft.com/en-us/magazine/cc137749.aspx

That helps explain the differences between the new Windows 2008 password policy options and the "old" Windows 2003/2000 domain password policies.

It's good reading to make sure you understand what you can do now, especially since you stated that you are using Windows 2008.

TheCleaner
  • 32,352
  • 26
  • 126
  • 188
3

Open Local Security Policy by clicking the Start button Picture of the Start button, typing secpol.msc into the search box, and then clicking secpol.‌

In the left pane, double-click Account Policies, and then click Password Policy.

Double-click the item in the Policy list that you want to change, change the setting, and then click OK.

vaheeds
  • 175
  • 8
1

You should find it in

Computer Configuration > Windows Settings > Accounts Policies > Password Policy

There is an option labeled "Password must meet complexity requirements"

disable this to achieve what you want.

LukeR
  • 3,086
  • 2
  • 29
  • 25
  • 1
    You're not telling him where to go to find this-- only what to change. He found this in the local group policy already, but that's not where he needs to be changing it. – Evan Anderson Jun 04 '09 at 12:30
  • Fair enough. I guess I assumed they would be looking in the Group Policy since, that's they said they were looking there. Nice answer though. Upvoted. – LukeR Jun 04 '09 at 13:14
1

Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy > Password must meet complexity requirements

I recommend creating a new policy (named 'Password' or something similarly helpful) rather than editing the Default.

ryan
  • 113
  • 4
Kara Marfia
  • 7,892
  • 5
  • 32
  • 56
0

there should be something in the settings, i think it's
Computer Configuration > Windows Settings > Accounts Policies > Password Policy

harryovers
  • 113
  • 3