Windows 2003 server password questions.

Discussion in 'Server Security' started by Nina, Jun 20, 2004.

  1. Nina

    Nina Guest

    When I create a new user with 4 letters such as "abcd" on my windows 2003
    server, and it came with error

    "The password does not meet policy requirement, Check the min password
    length, password Complexity and password history requirment."

    And thus, I went to AD users and computer and right click the domain
    properites, then click on group policy and click edit. Locating the password
    policy tab, then click not define for all. ( I also tried disable all.)
    I then use groupupdate.exe on command prompt after I make all the changing.

    Go to domain controller and domain secuirty policy under administrative task
    folder to apply the same thing, I still get the same error.

    (If I create like 12 letter with number and sign such as #, !, then it
    works. How do I know what is the Password complexity requirment on my 2k3
    server now?????)

    However, that error still come back up. Why the policy not kicking in to my
    does anyone give me some advice? Thank you very much.
    Nina, Jun 20, 2004
    1. Advertisements

  2. Use RSOP.msc. this will tell you the policy that is affecting your machine.
    then track down where that policy is located.

    Also with GPUpdate, you might want to try the /f (force ) option
    Dusty Harper {MS}, Jun 22, 2004
    1. Advertisements

  3. Nina

    TQuinn Guest

    Try setting the Min and Max password ages

    TQuinn, Jul 5, 2004
  4. <snip>
    Hi Nina,
    You shouldn't set the domain password settings to "Not defined" but
    rather to a specific value (which for some can be 0 to disable them).The
    reason for this is special behaviour on the part of DC - when a password
    (or account) policy is not defined at the domain level they use their
    *local* security policy. I won't go into detail here, but bottom line is
    that to keep things "obvious" you should set specific values for these
    settings in domain-level policies.

    Password complexity refers to a password that:
    * Is >= 6 characters
    * Contains at least 3 of the below 4 types of chars:
    - small letters a-z
    - CAPS (A-Z)
    - digits (0-9)
    - special symbols (punctuation and all types of symbols even those
    that can be input only using their ASCII code)

    By default, in a Win2K3 domain password complexity is enabled, as well
    as minimum password length, age, history, etc. Also remember that all
    password and account policies *must* be defined in a domain-level GPO.
    So what you need to do to allow short and non-complex passwords is edit
    Default Domain Policy to:
    * Explicitly *disable* "Password must meet complexity requirements"
    * Set "Minimum password length" to 0 (allow blank password) or more

    Marin Marinov
    MCT, MCSE 2003/2000/NT4.0,
    MCSE:Security 2003/2000, MCP+I
    This posting is provided "AS IS" with no warranties, and confers no

    "True knowledge exists in knowing that you know nothing."
    Marin Marinov, Jul 5, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.