Disable Strong Passwords Enforcement

By default Microsoft Windows Server 2008 enforces users in the Administrator usergroup to use strong passwords. Home users just want to create their own passwords without meeting any policies or leave it blank. This tutorial will explain how to disable these complexity requirements!

1. Click Run in the menu Start, then type gpedit.msc and click OK. In the Local Group Policy Editor expand Computer Configuration -> Windows Settings -> Security Settings -> Account Policies and click Password Policy.

StrongPasswordsEnforcement1.jpg

2. In the right pane double click Password must meet complexity requirements and set it to Disabled. Click OK to save your change. You will now not longer be forced to use strong passwords; you can even use a blank one!

StrongPasswordsEnforcement2.jpg

3. Optionally you can also choose to never let expire your passwords. To do this also open the Maximum password age policy and set set the value to 0. Click OK to save the policy change!

Thanks to Michael Sully and Mark for informing me about this tweaks!

Leave a comment ?

22 Comments.

  1. Mark4Dead/DayToDie

    Admin, Maximum password age should be set to 0 so that password never expire.

    Arris: Thanks, that’s useful information for the manual so added an extra step to this page! You are doing a very good job! :)

  2. I noticed that a quicker way to get to that screen was: Administrative Tools -> Local Security Policy -> Account Policies -> Password Policy. Cheers!

    Arris: That’s right but now we are already at the right location so we change two settings at once! ;)

  3. Hey Now,
    This was a great post. It’s just what I wanted to do. I also love the series of Windows Server 2008 as a workstation.

    Thx 4 the info,
    Catto

  4. I tried this and those options are greyed out? It won’t let me disable or change password length etc. Help

    Arris: Are you sure you haven’t joined a domain and that (parts of) the Group Policy Editor are disabled by the Domain Administrator? That is the only reason I can think of.

  5. I also have the same problem. I tried to logon as Sys Admin but the GPE is still greyed out. How do I fix this?

    Arris: I don’t know what the cause of this problem can be. If you ask your question at the Microsoft Technet Forums – Server 2008 section, I am sure you ‘ll get the solution!

  6. Hi,

    This password settings solution rarely works (just google for “password complexity 2008″ and you’ll see what I mean) – The only solution I found was to create a new Group Policy, unlink and unenforce the default policy then disable the “Inherit settings” from your new policy. Then set the password settings as above and set the Link and Enforce settings for the new policy.

    Phew!! – After all that open a command prompt and run “GPUpdate /force”

    I couldn’t find any instructions on the Net that actually explained this in an understandable way, even at MSDN! – This finally worked for me, however I AM running a domain so all GP’s and GPO’s have to be linked to that domain. DO NOT DELETE THE DEFAULT POLICY – It’s needed by various system services (What a stupid thing to do MS!)

    Hope this helps…

    NevTheTech.

  7. Oh I forgot,

    Why would anyone want to spend all that money on a Server operating system, then cripple it by running loads of CPU intensive services that aren’t needed to run a network? Just buy Vista and you have all the eye munchies without the extra expense of Server 2008. We all know that Vista and Server 2008 are basically the same OS just with specific services and programs either enabled or disabled according to what the machine will be used for. Using 2008 as a workstation is maybe interesting on a techie basis but I would seriously check your grip on reality if you actually consider doing this in the workplace. Don’t let your boss catch you either (or at least anyone who knows anything about computers – so your boss is probably OK actually.)

  8. Students can currently get Server 2008 free through the DreamSpark program. I don’t really feel like buying a gaming OS to supplement my Linux install, thus I’m here.

  9. camiliosalomanda

    If you are joined to a domain or using this as a workstation slash domain controller as i am then you need to do this through the Group Policy Manager in the Administrative Tools under Computer Configuration>Policies>Windows Settings>Security Settings>Account Policies>Password Policies: Then you will be able to edit the password policy for the entire domain. I am using two server 08 as domain controllers and have three machines on the domain and it enforced the policy for all.

    Arris: Thanks for this tip!

  10. Some times ,you might see an inactive option buttons when you want to enable or disable the so called “Password meet Complexity requirements”

    The best option can be to try Group policy editor Default Domain Policy>> Computer Configuration>> Windows Setting >> Security settings>> Account policy >>Password Policy.

    then, you can see both options active.

    Cheers!!

  11. There is NO ‘Computer Configuration’ under administrative tools in windows 2008. Come on, at least post correct step links!!

    Arris: Are you serious? :) I’ve seen that “folder” in all Windows versions I’ve used! Upload a (non-PhotoShopped) screenshot of what you see to convince me. ;)

  12. Re Mike:

    There really isn’t anything called “Computer Configuration” listed under administrative tools in Windows 2008.

    http://img717.imageshack.us/img717/3550/admintools.jpg

  13. Thank you very much for all this usefull information avaliable here.
    I am using server 2008R2 on my laptop, this operating system is really the one that I want.you are doing really good job.
    Thanks again
    Kindly regards

    Arris: Thanks for your comment :) Did you notice that although much tweaks are the same, there is also a website dedicated to the R2 version of Windows Server 2008? It’s: http://www.win2008r2workstation.com. Enjoy your laptop with 2008 R2! ;)

  14. What if disabled option is not active?

  15. i have windows server 2008 as my domain controller ,i am facing problem when i want to change
    password complexity , i went
    local security policy / acount policy
    when i want to change it , all option are disbled
    i cant change any thing,
    help plz

  16. Is it possible to remove the password policy completely.

  17. Really helpful especially with images.

  18. Dear,
    i have the same problem, when i go to there i can’t check or change option too.
    so where way that i enable to change or checked it :sad: :?: :?:

  19. Thanks!! Exactly what i was looking for :razz:

  20. Some times ,you might see an inactive option buttons when you want to enable or disable the so called “Password meet Complexity requirements”

    The best option can be to try Group policy editor Default Domain Policy>> Computer Configuration>> Windows Setting >> Security settings>> Account policy >>Password Policy.

    then, you can see both options active.

  21. hi!
    I can’t Disable account policy for window server 2008R2. I can disable when that me not yet install Active Directory, when me install Active Directory ready block can’t disable. i don’t know why ? :neutral:

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>