Lowering Password Complexity Requirements of New AD Accounts

It’s funny how much you forget when you don’t touch it for a long time. It’s also kind of funny how quickly you can pick it back up.

I was setting up some new user accounts on my home domain and I realized that the password complexity requirements were too annoying for my users. If you are using a Windows Server 2008 R2 AD, you can do the following to remove the password complexity requirements:

How to Change Active Directory Password Policy in Windows Server 2008

  1. Click Start, click Administrative Tools, and then click Group Policy Management.
  2. Under Group Policy Management window, go to Forest > Domains > {your domain} > Default Domain Policy, click on the Settings tab you can see the default password policy applied to your domain user accounts.Unfortunately, there is no option for you to edit or change the default domain policy. The only way to change your password policy is to create a new domain policy to overwrite the default domain policy.
  3. To create a new domain policy, please click on your domain name in the left panel, then select Create a GPO in this domain, and Link it here….
  4. Now right-click on the domain policy you’ve created and then click Edit.
  5. In the appearing window, go to Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
  6. You can double-click on the Password must meet complexity requirements in the right pane to disable the setting, or double-click on Minimum password length to change the password requirement, and so on.
  7. After you complete the editing of your domain policy, right-click on your new domain policy and tick the Enforced and Link Enabled to make your changes to take effect.

More info: http://www.top-password.com/blog/how-to-change-active-directory-password-policy-in-windows-server-2008/

Note that when you change GPO policies, you’ll have to update them on your machine before they’ll take effect. Just run gpupdate to do that. If you want to see the policies that are being enforced, you can run rsop.msc.

Leave a Reply

Your email address will not be published. Required fields are marked *