Disable Strong Password Enforcement and Password Aging

By default Microsoft Windows Server 2012 enforces users in the Administrators group to use strong passwords. Home users often just want to create their own passwords or leave them blank.

1. Open the Start screen and click the Administrative Tools icon.
Administrative Tools at Start screen

2. In Administrative Tools folder, pharmacy double click the Local Security Policy icon, recipe expand Account Policies and click Password Policy. In the right pane double click Password must meet complexity requirements and set it to Disabled. Click OK to save your policy change.
Disable password complexity requirements

3. Optionally you can also choose to never let passwords expire. To do this open the Maximum password age policy and set set the value to 0. Click OK to apply the change.
Disable password aging


Continue to disable the Shutdown Event Tracker…

Tags: , , , , , ,

Posted in Security Configuration

52 Responses to “Disable Strong Password Enforcement and Password Aging”

  • MikeS says:

    First, thank you… this guide is awesome.
    On my server, these settings are disabled under the Local Security Policy (WS2012 Essentials.) However, they can be changed under the Group Policies.

    From the charms, search Apps for “gpmc.msc” and start it.
    Group Policy Management -> Forest: YourServerName.local -> Domains -> YourServerName.local
    Select “Default Domain Policy” then right-click and select “Edit…” to open the Group Policy Management Editor.

    Group Policy Management Editor
    Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy

    • Arris says:

      I’m glad you like the guide and thanks for your comments! 🙂

      • hoangnguyen says:

        Hi pro,

        I can not disable Password must meet complexity requirements because it’s unhide. Please help me! Thank you

        • َA.P.Behbahani says:

          The password does not meet the password policy requirements, just follow these steps to Disable Password complexity in Windows Server 2012

          In the Server Manager click on Tools and from the drop down click Group Policy Management
          Expand Forrest >> Domains >> Your Domain Controller.
          Right click on the Default Domain Policy and click on the Edit from the context menu.
          Now Expand Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy
          Double-click on the Passwords Must Meet Complexity Requirements option in the right pane.
          Select Disabled under define this policy setting:
          Click Apply then OK all the way out and close the GPO window

    • Kuldeep Bishnoi says:

      Thank you Mike.. now issue has been sorted out..

    • DavidW says:

      I configured the Group Policy like you said but still no luck, when i try to change a password, I still get the error saying that it doesn’t meet the right requirements. I checked back under Local Security Settings and the option to disable password complexity is still unchanged. Also, when I went into Group Policy editor and right clicked on “Default Domain Policy” like you said, I also clicked enabled thinking that the Group Policy would override the settings but alas, no such luck.
      I work at a small private school and want a generic student account for all the kids. The password has to be easy because I have Kindergartners logging in.
      Any help is appreciated.

      • Chris says:

        I had a similar problem where the GPO was set correctly, but did not seem to be taking effect even after running “gpupdate /force” from the command line. I found this article which helped me resolve my issue: http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Top-10-Reasons-Why-Group-Policy-Fails-to-Apply-Part1.html

        In my case, the problem was I did not have any groups set in the “Security Filtering” window. Thus, this policy was not applicable to anyone. Once I added the “Authenticated Users” group and re-ran “gpupdate /force”, everything worked.

        From the article above I also learned about the RSOP.msc tool, which will basically show you what policies are in effect and can help you track down what is occurring.

    • Liquid Khaos says:

      MikeS You da Man! Not that its a big, but we need to add Policies in the chain below. ThankU ThankU

      Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy

    • Søren K says:

      Thank you for sharing, those password restrictions where locked on my server for some reason, your solution worked.

      Thank you.

    • James C. says:

      Under Windows Server 2012 R2 Essentials this doesn’t work anymore. I found this Microsoft TechNet for the correct method to change the password policy. It’s surprisingly easy 🙂


    • M. Yehia says:

      Yes, indeed. I think The (Password must meet complexity requirements) by default is disable for one reason to protect a very important Machine in your organization, so, If we have one effective solution which is Group Policy Management we can do what we want and everything going to be okay.

      otherwise, special thanks and this guide is useful!

    • Kevin says:

      Thank God someone understands Active Directory.

    • Bahrul Halimi says:

      Thanks a lot

    • SAM says:

      Thanks a lot

      it is very helpful

    • AURANG ZEB KHAN says:

      Very awesome. I solved the problem.
      Thanks MikeS

    • Spiros says:

      Thank you MikeS. Your answer help’s me !!!!

    • Nazrul Farazi says:

      Thanks a Lot
      It’s work properly.

  • griff says:

    Thanks, was a useful one this!

  • Aaron Booker says:

    Mike – thanks so much for your addition. WSE2012 Group Policies had me stuck… Thanks a ton.


  • Robert says:

    Thanks a lot ! It helps !

  • Basheer says:

    thanx a lot !!!!

  • jkhuston says:

    still does not work. Even after making the changes to the group policy with the editor you still get the error message when adding a new user with less than adequate password.

  • Josh says:

    After performing the group policy suggestion I ran gpupdate in the command prompt. It worked. Thanks!

  • Brad says:

    Do you know how to do this on a core install that is not AD joined?
    GUI is great but I don’t want to install the GUI just to do this and then remove the GUI.

  • TIENG Chandara says:

    It also not work for me,
    I have navigate to local policy –> account policy and try to change default configuration of account policy container such as password length, complexity meet,.. yet it not able to change, it all disabled.
    Please help me solve this..

  • Girmaw Zeleke says:

    i disabled strong password complexity in windows 2008 server but still i unable to change my password with blank or simple passwords

    thank you

    Girmaw Zeleke
    hopping that you respond immediately

  • Girmaw Zeleke says:

    I have navigate to local policy –> account policy and try to change default configuration of account policy container such as password length, complexity meet,.. yet it not able to change, it all disabled.

  • Thierry PROST says:

    Same for me.

    All grey and can’t change it, also for password minimal time before changing it.

    • Ernesto Compean says:

      Was you able to fix this?, I am having the same problem.

      any advise will be welcome.

  • KCJET says:

    Group policy method worked great. It’s been the same for a long time 2003 at least. Just make sure to update the GP. go to Command Prompt and type GPUPDATE /FORCE

  • Vincent says:

    I had the same issue I had to login to Domain Controller and then open command prompt. type secpol.msc and then run ( this will open up loacal local group policy on the Domain controller) . Security settings > Account settings > password Policy and change settings in there and close the window. Then run a gpupadte /force on client. That worked for me. 🙂

  • Very great post. I just stumbled upon your weblog and wished to say that I have
    truly enjoyed surfing around your weblog
    posts. In any case I’ll be subscribing in your feed and I hope you write once more very

  • When Ioriginally commented I clicked the “Notify me when new comments are added” checkbox and
    now each time a comment is added I get four emails with the same comment.
    Is there any way you can remove me from that service?
    Bless you!

  • praca says:

    Magnificent beat ! I would like to apprentice while you amend your site, how can i subscribe for a blog web site?
    The account aided me a acceptable deal.
    I had been tiny bit acquainted of this your broadcast provided bright
    clear concept

  • Aw, this was a really good post. Taking the time and actual effort to
    generate a really good article… but what can I say… I put things off a whole lot and never manage
    to get nearly anything done.

  • Quality content is the secret to attract the people to pay a quick visit the site, that’s what this
    site is providing.

  • You actually make it appear so easy together with your presentation however I find this topic to be really something that I believe I’d never understand.

    It sort of feels too complex and extremely extensive for me.

    I’m taking a look forward on your subsequent submit,
    I’ll attempt to get the hang of it!

  • hack cheat says:

    Simply wish to say your article is as surprising. The clarity in your post
    is just cool and i can assume you’re an expert on this subject.

    Fine with your permission allow me to grab your feed to keep up to date with forthcoming post.
    Thanks a million and please carry on the rewarding

  • Zelma says:

    Tanto el licor de bellota, como la crema de bellota son productos muy demandados fuera de la región.

  • sutros.com says:

    Wow! Finally I got a blog from where I know how to genuinely take useful facts concerning my study and knowledge.

  • Hi to every one, it’s genuinely a pleasant for me to
    go to see this web page, it consists of precious Information.

  • Hey there! I’ve been reading your website for some time now and finally got the courage to go ahead and give you a shout out from Austin Tx!
    Just wanted to say keep up the good job!

  • prawnik says:

    Do naprawy na jakiś czas. Na jaki jest to nie największych ilościach piękne
    samochody są pod opieką konsultanta. Z usług standardowych,
    które są to usługa, że obsługa przygotuje nam gotowe opcje wynajmu samochodów
    jest już polsce na okres zawierania kontraktów i kondycji naszego rynku wiele

  • e2ki6qz025 says:

    人気スーパーコピーブランド時計激安通販専門店私達は長年の実体商店の販売経験を持って、先進とプロの技術を持って、高品質のスーパーコピー時計づくりに 取り組んでいます。最高品質のロレックス時計コピー、カルティエ時計コピー、IWC時計コピー、ブライトリング時計コピー、パネライ時計コピー激安販売中商品の数量は多い、品質はよい。}}}}}}

  • Jim Reynolds says:

    Hey Mike,

    I was in the same situation as you. This rocked! Worked perfect – Thanks so Much!

  • uK says:

    it is help full answer thnx alot but when I go to password policy a diloge box appear which had two option endable or disable but the DISABLE option was not selected by me because the radio button of DISABLE option was also disable which was not selected by me Kindly help me if any one can…. 🙁 🙁

  • computer says:

    This website was… how do I say it? Relevant!!
    Finally I’ve found something that helped me. Kudos!

Leave a Reply

Your email address will not be published. Required fields are marked *