Disable Strong Password Enforcement and Password Aging

By default Microsoft Windows Server 2012 enforces users in the Administrators group to use strong passwords. Home users often just want to create their own passwords or leave them blank.

1. Open the Start screen and click the Administrative Tools icon.
Administrative Tools at Start screen

2. In Administrative Tools folder, pharmacy double click the Local Security Policy icon, expand Account Policies and click Password Policy. In the right pane double click Password must meet complexity requirements and set it to Disabled. Click OK to save your policy change.
Disable password complexity requirements

3. Optionally you can also choose to never let passwords expire. To do this open the Maximum password age policy and set set the value to 0. Click OK to apply the change.
Disable password aging


Continue to disable the Shutdown Event Tracker…

You may also like...

40 Responses

  1. Girmaw Zeleke says:

    i disabled strong password complexity in windows 2008 server but still i unable to change my password with blank or simple passwords

    thank you

    Girmaw Zeleke
    hopping that you respond immediately

  2. TIENG Chandara says:

    It also not work for me,
    I have navigate to local policy –> account policy and try to change default configuration of account policy container such as password length, complexity meet,.. yet it not able to change, it all disabled.
    Please help me solve this..

  3. Brad says:

    Do you know how to do this on a core install that is not AD joined?
    GUI is great but I don’t want to install the GUI just to do this and then remove the GUI.

  4. Josh says:

    After performing the group policy suggestion I ran gpupdate in the command prompt. It worked. Thanks!

  5. jkhuston says:

    still does not work. Even after making the changes to the group policy with the editor you still get the error message when adding a new user with less than adequate password.

  6. Basheer says:

    thanx a lot !!!!

  7. Robert says:

    Thanks a lot ! It helps !

  8. Aaron Booker says:

    Mike – thanks so much for your addition. WSE2012 Group Policies had me stuck… Thanks a ton.


  9. griff says:

    Thanks, was a useful one this!

  10. MikeS says:

    First, thank you… this guide is awesome.
    On my server, these settings are disabled under the Local Security Policy (WS2012 Essentials.) However, they can be changed under the Group Policies.

    From the charms, search Apps for “gpmc.msc” and start it.
    Group Policy Management -> Forest: YourServerName.local -> Domains -> YourServerName.local
    Select “Default Domain Policy” then right-click and select “Edit…” to open the Group Policy Management Editor.

    Group Policy Management Editor
    Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy

    • Arris says:

      I’m glad you like the guide and thanks for your comments! 🙂

      • hoangnguyen says:

        Hi pro,

        I can not disable Password must meet complexity requirements because it’s unhide. Please help me! Thank you

        • َA.P.Behbahani says:

          The password does not meet the password policy requirements, just follow these steps to Disable Password complexity in Windows Server 2012

          In the Server Manager click on Tools and from the drop down click Group Policy Management
          Expand Forrest >> Domains >> Your Domain Controller.
          Right click on the Default Domain Policy and click on the Edit from the context menu.
          Now Expand Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy
          Double-click on the Passwords Must Meet Complexity Requirements option in the right pane.
          Select Disabled under define this policy setting:
          Click Apply then OK all the way out and close the GPO window

    • Kuldeep Bishnoi says:

      Thank you Mike.. now issue has been sorted out..

    • DavidW says:

      I configured the Group Policy like you said but still no luck, when i try to change a password, I still get the error saying that it doesn’t meet the right requirements. I checked back under Local Security Settings and the option to disable password complexity is still unchanged. Also, when I went into Group Policy editor and right clicked on “Default Domain Policy” like you said, I also clicked enabled thinking that the Group Policy would override the settings but alas, no such luck.
      I work at a small private school and want a generic student account for all the kids. The password has to be easy because I have Kindergartners logging in.
      Any help is appreciated.

      • Chris says:

        I had a similar problem where the GPO was set correctly, but did not seem to be taking effect even after running “gpupdate /force” from the command line. I found this article which helped me resolve my issue: http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Top-10-Reasons-Why-Group-Policy-Fails-to-Apply-Part1.html

        In my case, the problem was I did not have any groups set in the “Security Filtering” window. Thus, this policy was not applicable to anyone. Once I added the “Authenticated Users” group and re-ran “gpupdate /force”, everything worked.

        From the article above I also learned about the RSOP.msc tool, which will basically show you what policies are in effect and can help you track down what is occurring.

    • Liquid Khaos says:

      MikeS You da Man! Not that its a big, but we need to add Policies in the chain below. ThankU ThankU

      Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy

    • Søren K says:

      Thank you for sharing, those password restrictions where locked on my server for some reason, your solution worked.

      Thank you.

    • James C. says:

      Under Windows Server 2012 R2 Essentials this doesn’t work anymore. I found this Microsoft TechNet for the correct method to change the password policy. It’s surprisingly easy 🙂


    • M. Yehia says:

      Yes, indeed. I think The (Password must meet complexity requirements) by default is disable for one reason to protect a very important Machine in your organization, so, If we have one effective solution which is Group Policy Management we can do what we want and everything going to be okay.

      otherwise, special thanks and this guide is useful!

    • Kevin says:

      Thank God someone understands Active Directory.

    • Bahrul Halimi says:

      Thanks a lot

    • SAM says:

      Thanks a lot

      it is very helpful

    • AURANG ZEB KHAN says:

      Very awesome. I solved the problem.
      Thanks MikeS

    • Spiros says:

      Thank you MikeS. Your answer help’s me !!!!

    • Nazrul Farazi says:

      Thanks a Lot
      It’s work properly.

Leave a Reply

Your email address will not be published. Required fields are marked *