Can't set Password to anything but empty

1

I have a Windows 7 Professional workstation in a domain network. I need to create a new local user account. If I leave the password empty, the account is created. When I try to set a password I always get an error which says that the password is invalid because of the password policy. In the security policies I don't the are no rules set which would prevent the passwords I tried.

When I create the user with an empty password and afterwards try to set some password I get the same error.

Creating local accounts on other workstation in the same domain with the same OS works without problems.

Why can't I set the password of local accounts to anything but empty?

raznagul

Posted 2012-05-22T10:00:25.737

Reputation: 315

I would simply image the workstation again. My guess somebody change a setting that allows for an empty password. – Ramhound – 2012-05-22T12:11:07.820

Answers

1

Does the password your trying to use meet complexity requirements? Minimum 6 character, 3 of 4: lower case, capital letters, symbols, numbers ect. Further details are in the link

You can check gpedit.msc (type in run box) to see the security settings for passwords. Go to windows settings > security settings > account policy > password policy. If options are greyed out it means the the settings are getting pushed from a domain controller through GPO.

Supercereal

Posted 2012-05-22T10:00:25.737

Reputation: 8 643

I tried passwords that match the requirements. The group policies are pushed from the DC and shouldn't be the problem as I works on other workstations with the same settings under password policies. Also the if some rules from the password policies are the problem an empty password shouldn't work either. PS: For Windows 7 the group policies are opened with secpol.msc and not with gpedit.msc. – raznagul – 2012-05-22T13:13:36.370

I'd say go ahead and check gpedit.msc again... secpol.msc has about half the options available and doesn't let you view what is being pushed down. You should also do a quick google search on the differences between the two so you understand why it's a problem to use polsec.msc in a domain environment. – Supercereal – 2012-05-22T13:30:20.153

Also secpol.msc has been around since windows 2000... – Supercereal – 2012-05-22T13:36:03.580

I now checked gpedit. Complexity requirements and reversible encryption come from the domain are set to deactivated. The other options in password policy are set to 0 an can be set locally. – raznagul – 2012-05-22T14:13:39.773

Asked: 2012-05-22T10:00:25.737

Viewed: 1 173 times

Active: 2013-04-12T05:39:20.800