10

How do you disable the password complexity requirements on a Microsoft Hyper-V Server 2008 R2?

Keep in mind that when you log into the server, the only UI you have is:

alt text

And you cannot run gpedit.msc:

C:\Users\Administrator>gpedit.msc
'gpedit.msc' is not recognized as an internal or external command, 
operable program or batch file.

because there are no .msc snap-ins installed with Microsoft Hyper-V Server 2008 R2.

The problem comes when you're trying to add an account to the server, so you can manage it, but it doesn't like most passwords:

alt text

And, predictably, typing

NET HELPMSG 2245

gives you

The password does not meet the password policy requirements. Check the minimum p
assword length, password complexity and password history requirements.

i hoped it would have been a friendly user experience, and either:

  • offered to disable the password policy
  • tell me how to disable the password policy
  • tell me how to check the minimum password length, password complexity and password history requirements.

Password Complexity Requirements

The Microsoft's default password complexity for Server Core is:

  • Passwords cannot contain the user’s account name or parts of the user’s full name that exceed two consecutive characters.
  • Passwords must be at least six characters in length.

  • Passwords must contain characters from three of the following four categories:

    1.English uppercase characters (A through Z).

    2.English lowercase characters (a through z).

    3.Base 10 digits (0 through 9).

    4.Non-alphabetic characters (for example, !, $, #, %).

External links

Update: 2k views? So many people keep coming coming to it: up-vote it!

Glorfindel
  • 1,213
  • 3
  • 15
  • 22
Ian Boyd
  • 5,131
  • 14
  • 57
  • 79
  • Suggestion: As this is about Server Core, remove references to Hyper-V. – Richard Sep 05 '09 at 18:59
  • Hyper-V is a product, that is based on Server Core. It it also applies to other Server Core based products: that's fine. But my question comes from, and deals specifically with, Hyper-V. (See the screenshot) – Ian Boyd Apr 04 '10 at 00:04

2 Answers2

16

You can export security settings with:

secedit /export /cfg X:\new.cfg

Then you edit new.cfg (it is ini format) and change line "PasswordComplexity = 1" to "PasswordComplexity = 0". Apply it on Hyper-V server with:

secedit /configure /db C:\Windows\security\new.sdb /cfg X:\new.cfg /areas SECURITYPOLICY

You can find more details in this blog post.

Josip Medved
  • 1,674
  • 2
  • 18
  • 18
  • 1
    You can also install Group Policy Management on a domain member workstation and administer the policies remotely in a graphical environment. In this case, I would recommend creating a Central Store for Group Policy according to this blog post: http://blogs.technet.com/b/askpfeplat/archive/2011/12/12/how-to-implement-the-central-store-for-group-policy-admin-templates-completely-hint-remove-those-adm-files.aspx You may also want to install other remote server administration tools such as ADUC. – Jonathan J Oct 30 '14 at 20:05
  • Automatic PowerShell script: http://stackoverflow.com/a/23265181/441652 – uvsmtid Aug 30 '16 at 15:21
0

Open Local Security Policy by clicking the Start button Picture of the Start button, typing secpol.msc into the search box, and then clicking secpol.‌ Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

In the left pane, double-click Account Policies, and then click Password Policy.

Double-click the item in the Policy list that you want to change, change the setting, and then click OK.

vaheeds
  • 175
  • 8