Disable Strong Passwords Enforcement

By default Microsoft Windows Server 2008 enforces users in the Administrator usergroup to use strong passwords. Home users just want to create their own passwords without meeting any policies or leave it blank. This tutorial will explain how to disable these complexity requirements!

1. Click Run in the menu Start, pharm then type gpedit.msc and click OK. In the Local Group Policy Editor expand Computer Configuration -> Windows Settings -> Security Settings -> Account Policies and click Password Policy.

StrongPasswordsEnforcement1.jpg

2. In the right pane double click Password must meet complexity requirements and set it to Disabled. Click OK to save your change. You will now not longer be forced to use strong passwords; you can even use a blank one!

StrongPasswordsEnforcement2.jpg

3. Optionally you can also choose to never let expire your passwords. To do this also open the Maximum password age policy and set set the value to 0. Click OK to save the policy change!

Thanks to Michael Sully and Mark for informing me about this tweaks!

22 thoughts on “Disable Strong Passwords Enforcement”

  • Sentayehu says:

    Some times ,you might see an inactive option buttons when you want to enable or disable the so called β€œPassword meet Complexity requirements”

    The best option can be to try Group policy editor Default Domain Policy>> Computer Configuration>> Windows Setting >> Security settings>> Account policy >>Password Policy.

    then, you can see both options active.

  • Dear,
    i have the same problem, when i go to there i can’t check or change option too.
    so where way that i enable to change or checked it πŸ™ ❓ ❓

  • i have windows server 2008 as my domain controller ,i am facing problem when i want to change
    password complexity , i went
    local security policy / acount policy
    when i want to change it , all option are disbled
    i cant change any thing,
    help plz

  • serkanulas says:

    Thank you very much for all this usefull information avaliable here.
    I am using server 2008R2 on my laptop, this operating system is really the one that I want.you are doing really good job.
    Thanks again
    Kindly regards

    Arris: Thanks for your comment πŸ™‚ Did you notice that although much tweaks are the same, there is also a website dedicated to the R2 version of Windows Server 2008? It’s: http://www.win2008r2workstation.com. Enjoy your laptop with 2008 R2! πŸ˜‰

  • There is NO ‘Computer Configuration’ under administrative tools in windows 2008. Come on, at least post correct step links!!

    Arris: Are you serious? πŸ™‚ I’ve seen that “folder” in all Windows versions I’ve used! Upload a (non-PhotoShopped) screenshot of what you see to convince me. πŸ˜‰

  • Sentayehu says:

    Some times ,you might see an inactive option buttons when you want to enable or disable the so called “Password meet Complexity requirements”

    The best option can be to try Group policy editor Default Domain Policy>> Computer Configuration>> Windows Setting >> Security settings>> Account policy >>Password Policy.

    then, you can see both options active.

    Cheers!!

  • camiliosalomanda says:

    If you are joined to a domain or using this as a workstation slash domain controller as i am then you need to do this through the Group Policy Manager in the Administrative Tools under Computer Configuration>Policies>Windows Settings>Security Settings>Account Policies>Password Policies: Then you will be able to edit the password policy for the entire domain. I am using two server 08 as domain controllers and have three machines on the domain and it enforced the policy for all.

    Arris: Thanks for this tip!

  • Students can currently get Server 2008 free through the DreamSpark program. I don’t really feel like buying a gaming OS to supplement my Linux install, thus I’m here.

  • NevTheTech says:

    Oh I forgot,

    Why would anyone want to spend all that money on a Server operating system, then cripple it by running loads of CPU intensive services that aren’t needed to run a network? Just buy Vista and you have all the eye munchies without the extra expense of Server 2008. We all know that Vista and Server 2008 are basically the same OS just with specific services and programs either enabled or disabled according to what the machine will be used for. Using 2008 as a workstation is maybe interesting on a techie basis but I would seriously check your grip on reality if you actually consider doing this in the workplace. Don’t let your boss catch you either (or at least anyone who knows anything about computers – so your boss is probably OK actually.)

  • NevTheTech says:

    Hi,

    This password settings solution rarely works (just google for “password complexity 2008” and you’ll see what I mean) – The only solution I found was to create a new Group Policy, unlink and unenforce the default policy then disable the “Inherit settings” from your new policy. Then set the password settings as above and set the Link and Enforce settings for the new policy.

    Phew!! – After all that open a command prompt and run “GPUpdate /force”

    I couldn’t find any instructions on the Net that actually explained this in an understandable way, even at MSDN! – This finally worked for me, however I AM running a domain so all GP’s and GPO’s have to be linked to that domain. DO NOT DELETE THE DEFAULT POLICY – It’s needed by various system services (What a stupid thing to do MS!)

    Hope this helps…

    NevTheTech.

  • I tried this and those options are greyed out? It won’t let me disable or change password length etc. Help

    Arris: Are you sure you haven’t joined a domain and that (parts of) the Group Policy Editor are disabled by the Domain Administrator? That is the only reason I can think of.

  • Hey Now,
    This was a great post. It’s just what I wanted to do. I also love the series of Windows Server 2008 as a workstation.

    Thx 4 the info,
    Catto

  • I noticed that a quicker way to get to that screen was: Administrative Tools -> Local Security Policy -> Account Policies -> Password Policy. Cheers!

    Arris: That’s right but now we are already at the right location so we change two settings at once! πŸ˜‰

  • Mark4Dead/DayToDie says:

    Admin, Maximum password age should be set to 0 so that password never expire.

    Arris: Thanks, that’s useful information for the manual so added an extra step to this page! You are doing a very good job! πŸ™‚

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>