Windows Server 2008 Password Complexity Requirements


I finally got around to installing Windows Server 2008 Standard today.  I performed a Server Core installation, and was suprised how little interaction I had to have with the installer.  It seemed like I answered three or four questions, went to get a Diet Coke, and when I came back the server was at the logon prompt.

During the install process I had not been prompted to provide an Administrator password like I’d experienced during installations of previous Windows Server operating systems.  I entered Administator as the User Name and hit enter, and I was automagically logged onto the server.

Immediately Windows prompted me to change the Administrator password.  I tried reusing a few of my standard passwords, but they kept getting rejected with the following error:

“Unable to update the password.  The value provided for the new password does not meet the length, complexity, or history requirements of the domain”

I tried to create a new password several more time, but nothing worked.  I finally decided to find out what the default password policy requirements were for Windows 2008.

When this policy setting is enabled, users must create strong passwords to meet the following minimum requirements:

  • Passwords cannot contain the user’s account name or parts of the user’s full name that exceed two consecutive characters.
  • Passwords must be at least six characters in length.
  • Passwords must contain characters from three of the following four categories:
  1. English uppercase characters (A through Z).
  2. English lowercase characters (a through z).
  3. Base 10 digits (0 through 9).
  4. Non-alphabetic characters (for example, !, $, #, %).

I thought it was interesting to find the following explanation from the same web page:

“Password must meet complexity requirements -

This policy setting checks all new passwords to ensure that they meet basic requirements for strong passwords. By default, the value for this policy setting in Windows Server 2008 is configured to Disabled, but it is set to Enabled in a Windows Server 2008 domain for both environments described in this guide.”

That was not the behavior I had experienced with my initial install of Windows Server 2008.  This was a core installation and was not a domain member, so why was the policy enabled? 

On another note, when you want to log out of Server Core, simply type logoff

62 Responses to “Windows Server 2008 Password Complexity Requirements”

  1. Windows Server 2008 Password Complexity Requirements | Windows 2008 Security Says:

    [...] Continued here: Windows Server 2008 Password Complexity Requirements [...]

    • Davood Says:

      That’s work perfectly.Thanks

  2. SIOK Online - MVP Says:

    Same thing here. Downloaded the MSDN version, burned iso to dvd, and was prompted for a key. Tried the one that I was given for all versions, and it didn’t work.

    Then I remembered NOT to enter the key, to be prompted to choose the version to install. I chose ENTERPRISE (Full) and had the same thing happen.

    I found this page, which explains it clearly, but I thought I’d add the other part!

  3. inconspicuous Says:

    How do you go about disabling it? It seems that our installation is enabled by default and we’d like to get rid of it.

  4. Look Up Says:

    It’s in the technet article, but here’s the info from the jump

    You can configure the password policy settings in the following location in the Group Policy Object Editor:

    Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy

  5. junior Says:

    I forget my windows 2008 server password, please help.

  6. Julie Says:

    Junior-

    You may try Locksmith, a part of Microsoft Diagnostics and Recovery Toolset. You can find the Toolset at http://www.microsoft.com/downloads/details.aspx?FamilyID=5d600369-0554-4595-8ab4-c34b2860e087&DisplayLang=en

    I’ve used Locksmith successfully on client computers before, but never on a Windows 2008 Server, so make sure you know what the risks are.

    -Julie

    • Lengsrun Says:

      If you want to change complexity requirement password please go into Run press key gpedit.msc —>window setting–>account polocies—>password polocy—>M password
      length change to 1(meaning input by yourself) and password must complexity requirement =Disable
      It is OK

      • Akbar Says:

        Hi, i got your answer and i did try it but the problem is i am not able to change the settings since the option box is colorless even i logged by admin. kindly reply me what to do for that/

  7. Mirko Says:

    how to disable password complexity policy in 2008 core??
    thanks

  8. divyesh Says:

    what is a default administrator password in server 2008?

    please help

    • ragia Says:

      what is a default administrator password in server 2008 x64?

  9. Sri Says:

    If you’re on a stand-alone machine (no AD etc) and dealing with only local accounts, you can enable/disable the policy from:

    Administrative Tools -> Local Security Policy -> Account Policies -> Password Policy.

    However, you don’t have a lot of settings to work with there. Oh… that’s the GUI way (2008 Standard)… I don’t know the command-line way to do that.

  10. yap Says:

    My server 2008 standard are create the new tree domain, I has follow the stap to change the password policy, but is fail to change the “enfore password history” and all the policy setting.

    Is the server disable the the password policy and I cun not add my user at active directory domain user.

    Please help me, is very urgent.

    Thank.

    • techman Says:

      use 7 letters an @ sign and 4 numbers it worked for me

  11. vdc Says:

    hey everyone! try ” P@ssw0rd ” without the quotes… should work just fine :) it contains al four types of characters.

    take care,
    vdc

    • zakash Says:

      very very good bro…….
      it’s work fine. thanks.

  12. Indu Says:

    Dear Friend,
    I have a problem when relogin by pressing Alt+Ctrl+Delete.
    I am running the Windows Server 2008 in the Virtual PC and that Virtual PC has been hosted in Windows XP System.
    When I press Alt+Ctrl+Delete to re-login, it is popped up the windows task manager of the host system instead of letting me relogin in Win Server 2008 system. Though I am working in the Virtual Machine, as soon as I pressed those three keys, it is straightaway switched back to the host Win XP system and poping up its task manager.

    Please help me to fix this problem.
    Regards
    Indu

  13. David Says:

    Try using CTRL-ALT-END instead of CTRL-ALT-DEL.

    David

    • swosher.com Says:

      Thanks,

      That helped me getting my head ache away. CTRL+ALT+END.

      Have a nice day!

  14. David Says:

    Good job guys! Interesting article, adding it to my favourites!
    Best wishes, David.

  15. maxium Says:

    is it posible to use windows server 2008 als standalone server with ad?

    or need to use a other domain controller to join it?

  16. Luc Says:

    Complexity requirements, on INcomplexity requirements?
    My password matches what these requirements demand, yet I got the same message.
    It contains letters, digits and a UNICODE non-alphanumeric character (alt+3 digit number) which makes it far more secure (the classic brute force password scanners never include unicode because it would take them aeons to complete), it exceeds the minimum length, yet server 2008 refused it as not meeting the complexity requirements.
    I had to add one more character from what it considers “non-alphabetic characters”. Apparently they created a list of what non-alphabetic characters are accepted for group 4, instead of defining it as “anything except A-Z, a-z and 0-9″.

    • P Says:

      LUC, Did you ever find a solution?

      I am in the same boat. We just enabled the domain policy for 7char/complexity, and no passwords are “complex enough”.

      (no it’s not an issue with trying to make up a complex password) WE’ve tried passwords that are sufficient in legnth, dont contain any portion of the users name, are not similar to prior passwords, and contain ALL of the character types [Aa1#] Example: “ThisP@ssword$ucks!!77″ is not complex enough

      • Skipper74 Says:

        I just followed a this answer :

        Sri Says:
        November 7, 2008 at 6:09 pm
        If you’re on a stand-alone machine (no AD etc) and dealing with only local accounts, you can enable/disable the policy from:

        Administrative Tools -> Local Security Policy -> Account Policies -> Password Policy.

        However, you don’t have a lot of settings to work with there. Oh… that’s the GUI way (2008 Standard)… I don’t know the command-line way to do that.

        Password must meet complexity requirements : Disabled

        And after that, no PW Complexity anymore..

  17. Zivuku James Says:

    I have just installed windows server 2008 standard on my new server. Unfortunately, its not allowing me to log in rather requesting me to change my password at first log in. I have put the password that i believe is valid but its rejecting it with this message
    “Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain”
    Guys can you give me advice,

    James.

  18. Zivuku James Says:

    Ehee guys the solution is “p@ssw0rd” i got it right, thank you brother VDC.

    • makidrin Says:

      now i know your admin password. just wait till i find your server :)

    • Fernando Says:

      Thank you so much.

    • bryan669 Says:

      thanks. what a pain i’m having installing this on a proliant ml110

  19. Hồ Công Trưởng Says:

    I have just installed windows server 2008 standard on my new server. Unfortunately, its not allowing me to log in rather requesting me to change my password at first log in. I have put the password that i believe is valid but its rejecting it with this message
    “Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain”
    Guys can you give me advice,

    • Fernando Says:

      Follow the VDC recomendation: as password, type: “p@ssw0rd” without the quotes, and have fun :-D

  20. singo Says:

    thankz so much VDC. “p@ssw0rd” its really work, well done!.

  21. sunny Says:

    i followed this and really my problem is sloved
    thanks
    i take a password- AS12as23

  22. RyGuy Says:

    I am surprised at all of the trouble everyone here is having coming up with a sufficient password! I would think if one is “tech savvy” enough to require/desire Server 2008 (or any server OS for that matter) he should at the very least be able to follow the simple directions for creating a secure password. Instead you all now have the same password. Sad really…

  23. Zahraine Says:

    Can we fully disable the password for 2008 server. Really irritating when it always ask to change password every 30 days

  24. The GUI-Guy Says:

    For the 2008 Server Core. To lift the password complexity:

    secedit /export /cfg C:\new.cfg

    Then you edit new.cfg (it is ini format) and change line “PasswordComplexity = 1″ to “PasswordComplexity = 0″.

    Apply it on Hyper-V server with:

    secedit /configure /db %windir%\security\new.sdb /cfg C:\new.cfg /areas SECURITYPOLICY

    • Khalid Shah Says:

      Excellenttttttttttt ……..thanks

    • Markus Says:

      Thanx Gui-guy!!!!

      Working 100% will make my life much easier now.

    • tntgl Says:

      thankkkkkzzzzz it’s work. ^^

  25. Mamoun Says:

    worked for me too, thanks alot.

  26. Raymond Says:

    awesome! thx i really needed this

  27. Paul Says:

    Hi all I just ran into this one and its a pain but it is easy to fix.
    goto Server manager install Group policy feature
    open group policy console and find you domain> navigate to default domain policy> go to setting tab and then goto windows settings/security settings/ account policies/ right click and edit.

    Set them with settings of your choice but be mindfull of setting them 2 low

    Cheers for the post it helped me

    Paul

    • will Says:

      Paul….you the man. Thanks a lot.

    • gkhnyrn Says:

      paul,

      you are the ‘one’ my friend..

      thanks..

    • Joseph S. Kamara Says:

      Hi Paul,

      your guide worked for me. I have been having similar problem like Johnnyblaze.

      thanx. you made me learn somethng new.

      rgds,

      Joe

    • Paul Says:

      Hi All just thought I would give an update as it appears the same question is being asked, my method using group policy is after you have set up the server and your first password, my process should be the next step as it allows you to turn off the default Windows server password policy or at least taylor it to your needs you can shorten the length and turn off the new password feature, but this has to be done through group policy.

      just wait till you try and set up Exchange Server 2008 (its great fun or should I say challenging!)

      Cheers P

    • sadal Says:

      thank you Paul. it works..!
      then run: gpupdate /force
      to apply changes.

  28. Unable to create new user and password Says:

    [...] is incorrect I found following document; Windows Server 2008 Password Complexity Requirements http://thebackroomtech.com/2008/03/1…-requirements/ but can't find a solution. Please help. TIA Remark: I have another Windows Server 2008 64bit [...]

  29. shahid Says:

    hi folks
    i have windows 2008server enterprise as my domain controller ,i am facing problem when i want to change
    password complexity , i went
    local sercurity policy / acont policy
    when i want to change it , all option are disbled
    i cant chagne any thing
    plz help me

  30. Johnnyblaze Says:

    Paul,

    You lifesaver! Thanks very much for this password policy update! It was doing my head in!!! :)

    Worked a treat!

    Thanks again….

  31. Leo Says:

    Thanks. I tried a lot of combinations which I thought were very secure but I didn’t know it has to be THIS secure.

  32. jason Says:

    your article is awesome

  33. Ahdar Says:

    Thanks, its very nice… the trick is working

    • Ram Says:

      Don’t try to change the password by pressing ALT+CTRL+DEL, better go to the user management and then change the administrator account password. It worked for me, however complex password I tried in ALT+CTRL+DEL, I use to keep getting
      “Unable to update the password”

  34. Khun Says:

    Thank so much..

    I can change Admin password.
    :)

  35. Ying Says:

    I need to reset a Windows Server 2008 password! Please help!

  36. harish Says:

    thank u very much!

  37. Yonsen Says:

    Dear all,
    I have been asked to replace the password after some time, so I changed it, and somehow now I can’t remember the password. Is there any way I can reset the password, since I am unable to use the server now. Thank you so much for the help.

  38. Alians Says:

    Work great…….. Thanks! :)

  39. Kenneth Says:

    This is crazy jacked… Never ran into this issue before. This time around, I’m creating a WinSvr2008 VM inside of ESXi 4.1. I get the OS installed, configure a few things, restart several times and log into Administrator account with my correct and valid password (which is not P@ssw0rd btw). I then get prepped for installed AD by running the “Net User Administrator passwordreq:yes” command. Then, I proceed with AD DS install without any problems, run dcpromo at the end and when this is completed, server wants to restart. I have not set any passwords or anything except those that are prompted inside the installation, and those are not the domain usernames. Upon rebooting the server, I attempt to log into the newly created domain\administrator account using my former password = FAIL. I try to then log into Local\administrator = FAIL. How the eff did these passwords get changed and why the eff did I not get the opportunity to set them myself?! I’m going to have to reinstall this gd VM yet again because of this stupid issue. Thoughts?!

  40. Junaks2000 Says:

    Thank bro… It works for me 2…. Thanks again….


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 32 other followers

%d bloggers like this: