When setting up a new Windows Server 2008 server either with or without Active Directory you will discover that it has a rather strong policy for passwords. If you try to set a simple password, you’ll receive the following error message:
“Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain”
Part 1: Password Complexity Requirements in Windows Server
When this policy setting is enabled, users must create strong passwords to meet the following minimum requirements:
- Passwords cannot contain the user’s account name or parts of the user’s full name that exceed two consecutive characters.
- Passwords must be at least six characters in length.
- Passwords must contain characters from three of the following four categories:
- English uppercase characters (A through Z).
- English lowercase characters (a through z).
- Base 10 digits (0 through 9).
- Non-alphabetic characters (for example, !, $, #, %).
Part 2: Disable Password Complexity Requirements in Windows Server
If your computer is a standalone server without Active Directory installed, follow the steps below and you can the disable password complexity requirements for Windows local accounts. While this will disable the password complexity policy for domain user accounts, if you perform the steps on a domain controller.
- Launch Command Prompt as an administrator.
Type the following command and hit Enter to export the password policy:1secedit.exe /export /cfg C:\secconfig.cfg
- Using notepad to edit the exported file: C:\secconfig.cfg
- Look for the line “PasswordComplexity = 1” and change it to “PasswordComplexity = 0“, also edit “MinimumPasswordLength = 7” to a lesser value if you like.
- Save your changes to the file. Back to the Command Prompt and type the following command to apply the new password policy:
1secedit.exe /configure /db %windir%\securitynew.sdb /cfg C:\secconfig.cfg /areas SECURITYPOLICY
- At this point you can set a new less complex password!