How can I disable the
password requirement for a user in a Windows Server 2003 Active Directory
domain?
Windows Server
2003 provides security policies that ensure that all users select strong
passwords. Creating a password policy involves setting the following options in
the Default Domain Group Policy . These policies, with the exception of
those settings related to password lifetime, are enforced on all users in a
domain.
The default
password filter (Passfilt.dll) included with Windows Server 2003 requires that
a password:
·
Is
not based on the user’s account name.
·
Contains
at least six characters.
·
Contains
characters from three of the following four categories:
·
Uppercase
alphabet characters (A–Z)
·
Lowercase
alphabet characters (a–z)
·
Arabic
numerals (0–9)
·
Nonalphanumeric
characters (for example, !$#,%)
As stated above,
this policy is enabled by default.
In some
occasions, such as testing, lab-building, classes and so on, you might want to
disable this built-in requirement.
Security
Warning: Bare in mind that this
setting can only be enabled/disabled at the domain level, and NOT on an OU
level. Disabling the password requirement for an entire domain will lower your
security configuration, and should only be done when absolutely necessary.
In order to
disable this requirement you need to edit the Default Domain Policy for your
domain.
1.
Go to
Administrative tools folder.
2.
Double-click
on the Default Domain Security Policy icon.
Note: If for any reason you don"t see that icon you can
still edit the Default Domain Group Policy from the AD Users and Computers
snap-in, or from a GPMC window (if you have GPMC installed - Download GPMC).
3.
Navigate
to Security Settings > Account Policies > Password Policy.
4.
Right-click
on the Minimum Password Length option in the right pane and select Properties.
5.
Keep the V
on the Define Setting selected! Do not remove the V from that check-box.
Removing the V will cause the GPO to revert to the default setting, which is
what we are trying to remove in the first place.
6.
Enter 0
(zero) for the number of minimum characters required in a password.
7.
Now
double-click on the Passwords Must Meet Complexity Requirements option in the
right pane.
8.
Again, do
not remove the V from that check-box. Instead, select Disabled.
9.
Click OK
all the way out and close the GPO window.
In order to
refresh the policy type the following command in a CMD window and click ENTER:
Done.
Related articles
You may find
these related articles of interest to you:
·
Add Unlock User Option to Active Directory Users and
Computers
·
Add User Account Information to Active Directory Users
and Computers
·
Create Taskpads for Active Directory Operations
·
Create Users for Testing Purposes
·
Import Saved Queries in Windows Server 2003 AD Users
& Computers
·
LDAP Search Samples for Windows Server 2003 and
Exchange 2000/2003
·
List all Users and Groups in Domain
·
Saved Queries in Windows Server 2003 AD Users &
Computers
·
View Additional User Information in AD Users and
Computers
·
OrgBuilder