Where do I go to disable the password complexity policy for the domain?
I've logged onto the domain controller (Windows Server 2008) and found the option in local policies which is of course locked from any changes. However I can't find the same sort of policies in the group policy manager. Which nodes do I have to expand out to find it?
You're looking to change the password complexity setting you found in the "Default Domain Policy", not the local group policy. Then do a "gpupdate" and you'll see the change take effect.
Open Group Policy Management Console (Start / Run / GPMC.MSC), open the Domain, and right-click and Edit the "Default Domain Policy". Then dig into the "Computer Configuration", "Windows Settings", "Security Settings", "Account Policies", and modify the password complexity requirements setting.
Editing the "Default Domain Policy" is definitely a quick-and-dirty thing to do. The better thing to do, once you get a better handle on group policy management, would be to return the default back to default settings and make a new GPO overriding the default with the settings you want. To get you by fast, though, editing the default isn't going to hurt you.
I'd also like to point out that in a Windows Server 2008 domain, you can have multiple password policies applied to different OUs; with previous versions of AD, you could only have a single global password policy for each domain.
There's also a great article at the Technet site:
http://technet.microsoft.com/en-us/magazine/cc137749.aspx
That helps explain the differences between the new Windows 2008 password policy options and the "old" Windows 2003/2000 domain password policies.
It's good reading to make sure you understand what you can do now, especially since you stated that you are using Windows 2008.
Open Local Security Policy by clicking the Start button Picture of the Start button, typing secpol.msc into the search box, and then clicking secpol.
In the left pane, double-click Account Policies, and then click Password Policy.
Double-click the item in the Policy list that you want to change, change the setting, and then click OK.
You should find it in
Computer Configuration > Windows Settings > Accounts Policies > Password Policy
There is an option labeled "Password must meet complexity requirements"
disable this to achieve what you want.
Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy > Password must meet complexity requirements
I recommend creating a new policy (named 'Password' or something similarly helpful) rather than editing the Default.
there should be something in the settings, i think it's
Computer Configuration > Windows Settings > Accounts Policies > Password Policy
Computer ConfigurationthenPolicies,Security Settings,Account Policythen double click onPassword must meet password complexity requirementand disable it. – Aug 07 '11 at 11:01Minimum password ageset to 1 day (I was trying to revert back to a password changed few hours ago and I thought this was prevented byEnforce password history). SetMinimum password ageto 0 day solved it. – kuma Mar 30 '22 at 22:35