Disable - Password must meet complexity requirement.

Discussion in 'Active Directory' started by abckid, Jun 2, 2008.

  1. abckid

    abckid Guest

    Hi,

    We want to disable the "Password must meet complexity requirement" option
    for all the domain users. We want to have simple requirement for user
    passwords.

    I disabled/removed the Default domain policy and created a new Company
    policy for all the users, where in the computer configuration - windows
    settings - security settings - account policies - password policies, i
    disabled the "Password must meet complexity requirement" option. I selected a
    test pc user and computer account in the security filtering.

    The policy does get applied, but the password complexity settings are not
    removed.

    Please guide, how to disable this setting for all domain users.

    Thanks in advance,

    abckid.
     
    abckid, Jun 2, 2008
    #1
    1. Advertisements

  2. Hello abckid,

    The setting should be removed the next time, when the user change the password.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Jun 2, 2008
    #2
    1. Advertisements

  3. abckid

    abckid Guest

    Hi,

    Thanks for reply.

    You mean to keem the option for password complexity for all the domain users
    and not to disable ?

    Well, we may select the option later, but initially we want users to be able
    to change their password without the complexity requirement. How to disable
    this option for all the users ?

    Thanks again,

    abc.
     
    abckid, Jun 2, 2008
    #3
  4. abckid

    Jorge Silva Guest

    Hi
    First remember that the Policy for the domain is applied at domain level
    (generally in the default domain policy), although you can use password
    settings at the lower OUs, these policies will be ONLY applied at local
    database in the machines for their LOCAL accounts. After you change the
    policy, the users won't be prompted to change their passwords immediately,
    but they will get the new definitions when their password policy expires or
    if they try to change it manually.


    --
    I hope that the information above helps you.
    Have a Nice day.

    Jorge Silva
    MCSE, MVP Directory Services
     
    Jorge Silva, Jun 2, 2008
    #4
  5. abckid

    abckid Guest

    Hi,

    Thanks for reply.

    I understand that this policy shall be applied at the domain level. I will
    be little precise.

    -I removed the default domain policy.
    -I created a new policy at the domain level with rights to a group. This
    group contains all the domain users.
    -I modified this new policy to disable the password complexity requirement.

    Now when i create a new user in the domain, does this policy apply to the
    new user as well. I mean can i just provide simple password. Also i update
    the policy for already existing users and try to change the password manually
    from users pc. But they cannot select simple passwords, they get the message
    with complexity password requirements.

    If you can confirm, when i create a new policy in place of the default
    policy and apply it to all domain users, should that work ? I also disabled
    the password setting from Domain Security Policy from the primary DC.

    Please guide. Thanks,

    abc
     
    abckid, Jun 3, 2008
    #5
  6. abckid

    Jorge Silva Guest

    The default Domain Policy is need, you shouldn't delete it. Default Domain
    Policy has a known GUID that the DCs ask for. So, first step is to recreate
    the Default Domain Policy again.
    To create the Default Domain Policy you use the dcgpofix cmd. Read this
    first:
    http://technet2.microsoft.com/windo...1907-4149-b6aa-9788d38209d21033.mspx?mfr=true

    The second Step is to create a custom policy with the settings that you want
    with higher priority.
    --
    I hope that the information above helps you.
    Have a Nice day.

    Jorge Silva
    MCSE, MVP Directory Services
     
    Jorge Silva, Jun 3, 2008
    #6
  7. abckid

    abckid Guest

    Hi,

    Thanks for reply.

    I did not delete the policy. Just removed the link from the domain and
    created a new policy and link it to the domain in its place. After disabling
    the password policy from the new linked policy, it does not effect on any
    domain users.

    If the default domain policy is not linked anywhere, then does it make any
    difference what setting are configured on it ?

    Also to mention again, i did disable this setting from the Domain Security
    Policy in Administrative tools.

    Please guide.

    Thanks

    abc.
     
    abckid, Jun 4, 2008
    #7
  8. abckid

    Jorge Silva Guest

    The default domain policy needs to be at domain level, is needed there.

    --
    I hope that the information above helps you.
    Have a Nice day.

    Jorge Silva
    MCSE, MVP Directory Services
     
    Jorge Silva, Jun 4, 2008
    #8
  9. abckid

    abckid Guest

    Hi,

    Thanks for reply.

    I added the default domain policy at the domain level and it works now.
    Initially even added the default policy was not working since i had second
    gpo which was linked below that with password complexity settings. Although
    the second gpo was also having same settings, but when i removed the setting
    from the bottom policy, it worked fine.

    Thanks again.

    abc.
     
    abckid, Jun 5, 2008
    #9
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.