Disable Strong Password Enforcement and Password Aging

By default Microsoft Windows Server 2012 enforces users in the Administrators group to use strong passwords. Home users often just want to create their own passwords or leave them blank.

1. Open the Start screen and click the Administrative Tools icon.
Administrative Tools at Start screen

2. In Administrative Tools folder, pharmacy double click the Local Security Policy icon, expand Account Policies and click Password Policy. In the right pane double click Password must meet complexity requirements and set it to Disabled. Click OK to save your policy change.
Disable password complexity requirements

3. Optionally you can also choose to never let passwords expire. To do this open the Maximum password age policy and set set the value to 0. Click OK to apply the change.
Disable password aging

 

Continue to disable the Shutdown Event Tracker…


You may also like...

40 Responses

  1. MikeS says:

    First, thank you… this guide is awesome.
    On my server, these settings are disabled under the Local Security Policy (WS2012 Essentials.) However, they can be changed under the Group Policies.

    From the charms, search Apps for “gpmc.msc” and start it.
    Group Policy Management -> Forest: YourServerName.local -> Domains -> YourServerName.local
    Select “Default Domain Policy” then right-click and select “Edit…” to open the Group Policy Management Editor.

    Group Policy Management Editor
    Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy

    • Arris says:

      I’m glad you like the guide and thanks for your comments! 🙂

      • hoangnguyen says:

        Hi pro,

        I can not disable Password must meet complexity requirements because it’s unhide. Please help me! Thank you

        • َA.P.Behbahani says:

          The password does not meet the password policy requirements, just follow these steps to Disable Password complexity in Windows Server 2012

          In the Server Manager click on Tools and from the drop down click Group Policy Management
          Expand Forrest >> Domains >> Your Domain Controller.
          Right click on the Default Domain Policy and click on the Edit from the context menu.
          Now Expand Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy
          Double-click on the Passwords Must Meet Complexity Requirements option in the right pane.
          Select Disabled under define this policy setting:
          Click Apply then OK all the way out and close the GPO window

    • Kuldeep Bishnoi says:

      Thank you Mike.. now issue has been sorted out..

    • DavidW says:

      I configured the Group Policy like you said but still no luck, when i try to change a password, I still get the error saying that it doesn’t meet the right requirements. I checked back under Local Security Settings and the option to disable password complexity is still unchanged. Also, when I went into Group Policy editor and right clicked on “Default Domain Policy” like you said, I also clicked enabled thinking that the Group Policy would override the settings but alas, no such luck.
      I work at a small private school and want a generic student account for all the kids. The password has to be easy because I have Kindergartners logging in.
      Any help is appreciated.

      • Chris says:

        I had a similar problem where the GPO was set correctly, but did not seem to be taking effect even after running “gpupdate /force” from the command line. I found this article which helped me resolve my issue: http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Top-10-Reasons-Why-Group-Policy-Fails-to-Apply-Part1.html

        In my case, the problem was I did not have any groups set in the “Security Filtering” window. Thus, this policy was not applicable to anyone. Once I added the “Authenticated Users” group and re-ran “gpupdate /force”, everything worked.

        From the article above I also learned about the RSOP.msc tool, which will basically show you what policies are in effect and can help you track down what is occurring.

    • Liquid Khaos says:

      MikeS You da Man! Not that its a big, but we need to add Policies in the chain below. ThankU ThankU

      Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy

    • Søren K says:

      Thank you for sharing, those password restrictions where locked on my server for some reason, your solution worked.

      Thank you.

    • James C. says:

      Under Windows Server 2012 R2 Essentials this doesn’t work anymore. I found this Microsoft TechNet for the correct method to change the password policy. It’s surprisingly easy 🙂

      http://technet.microsoft.com/en-us/library/jj713520.aspx

    • M. Yehia says:

      Yes, indeed. I think The (Password must meet complexity requirements) by default is disable for one reason to protect a very important Machine in your organization, so, If we have one effective solution which is Group Policy Management we can do what we want and everything going to be okay.

      otherwise, special thanks and this guide is useful!

    • Kevin says:

      Thank God someone understands Active Directory.

    • Bahrul Halimi says:

      Thanks a lot

    • SAM says:

      Thanks a lot

      it is very helpful

    • AURANG ZEB KHAN says:

      Very awesome. I solved the problem.
      Thanks MikeS

    • Spiros says:

      Thank you MikeS. Your answer help’s me !!!!

    • Nazrul Farazi says:

      Thanks a Lot
      It’s work properly.

  2. griff says:

    Thanks, was a useful one this!

  3. Aaron Booker says:

    Mike – thanks so much for your addition. WSE2012 Group Policies had me stuck… Thanks a ton.

    Aaron

  4. Robert says:

    Thanks a lot ! It helps !

  5. Basheer says:

    thanx a lot !!!!

  6. jkhuston says:

    still does not work. Even after making the changes to the group policy with the editor you still get the error message when adding a new user with less than adequate password.

  7. Josh says:

    After performing the group policy suggestion I ran gpupdate in the command prompt. It worked. Thanks!

  8. Brad says:

    Do you know how to do this on a core install that is not AD joined?
    GUI is great but I don’t want to install the GUI just to do this and then remove the GUI.

  9. TIENG Chandara says:

    It also not work for me,
    I have navigate to local policy –> account policy and try to change default configuration of account policy container such as password length, complexity meet,.. yet it not able to change, it all disabled.
    Please help me solve this..

  10. Girmaw Zeleke says:

    i disabled strong password complexity in windows 2008 server but still i unable to change my password with blank or simple passwords

    thank you

    Girmaw Zeleke
    hopping that you respond immediately

  11. Girmaw Zeleke says:

    I have navigate to local policy –> account policy and try to change default configuration of account policy container such as password length, complexity meet,.. yet it not able to change, it all disabled.

  12. Thierry PROST says:

    Same for me.

    All grey and can’t change it, also for password minimal time before changing it.

  13. KCJET says:

    Group policy method worked great. It’s been the same for a long time 2003 at least. Just make sure to update the GP. go to Command Prompt and type GPUPDATE /FORCE

  14. Vincent says:

    I had the same issue I had to login to Domain Controller and then open command prompt. type secpol.msc and then run ( this will open up loacal local group policy on the Domain controller) . Security settings > Account settings > password Policy and change settings in there and close the window. Then run a gpupadte /force on client. That worked for me. 🙂

  15. When Ioriginally commented I clicked the “Notify me when new comments are added” checkbox and
    now each time a comment is added I get four emails with the same comment.
    Is there any way you can remove me from that service?
    Bless you!

  16. Zelma says:

    Tanto el licor de bellota, como la crema de bellota son productos muy demandados fuera de la región.

  17. prawnik says:

    Do naprawy na jakiś czas. Na jaki jest to nie największych ilościach piękne
    samochody są pod opieką konsultanta. Z usług standardowych,
    które są to usługa, że obsługa przygotuje nam gotowe opcje wynajmu samochodów
    jest już polsce na okres zawierania kontraktów i kondycji naszego rynku wiele
    firm.

  18. Jim Reynolds says:

    Hey Mike,

    I was in the same situation as you. This rocked! Worked perfect – Thanks so Much!

  19. uK says:

    it is help full answer thnx alot but when I go to password policy a diloge box appear which had two option endable or disable but the DISABLE option was not selected by me because the radio button of DISABLE option was also disable which was not selected by me Kindly help me if any one can…. 🙁 🙁

Leave a Reply

Your email address will not be published. Required fields are marked *