16

I have an internal only Windows Server 2012 which I want to disable the password policy on. (The server is also a domain controller, if that makes any difference.)

I've tried following the instructions on this helpful blog, but when I double click on any of the entries, the control on the properties dialog (to set the value) is disabled.

I'm logged into the server as an administrator, and I've open the Local Security Policy as an administrator.

Can anybody explain why I'm unable to change these values?

(Please be gentle, I'm a programmer, not a network guru.)

freefaller
  • 475
  • 1
  • 3
  • 18

2 Answers2

15

@Joe sent me in the correct direction, and from his comment I found this blog via Google.

The bit in particular which was useful was a comment left on the blog...

On my server, these settings are disabled under the Local Security Policy (WS2012 Essentials.) However, they can be changed under the Group Policies.

From the charms, search Apps for “gpmc.msc” and start it. Group Policy Management -> Forest: YourServerName.local -> Domains -> YourServerName.local Select “Default Domain Policy” then right-click and select “Edit…” to open the Group Policy Management Editor.

Group Policy Management Editor Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy

freefaller
  • 475
  • 1
  • 3
  • 18
  • I disabled the complexity requirements and my server still will not allow me to set a user's password to something simple. – Mike S Feb 18 '16 at 18:57
  • Ah... the minimum password length is still enforced. Even so, when I set it to "6 characters", it still requires me to type in 8 characters. It will not take 6, nor will it take 7. But it will take `aaaaaaaa` ...8 `a`'s, and no less. – Mike S Feb 18 '16 at 19:19
  • And, by the way, if you remote into a machine that uses a different keyboard than the one you're used to, Windows may not accept the characters you type. I just tried to set a password using a "#" sign on my keyboard- which is part of my user's password. My US keyboard was sending £ to the AD server. Windows did not accept the £ char in the AD Users and Computers "reset password" dialog. Which is good, because it would have confused us even more in the future...! :-) – Mike S Feb 18 '16 at 19:33
7

You're trying to edit this setting using the Local Security Policy editor but the setting is configured in Group Policy and that's where you need to change it.

joeqwerty
  • 109,901
  • 6
  • 81
  • 172