Posted by & filed under Windows / Server.

Windows cannot set the password for <user> because: The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.

This error is because the password you or the user has tried to enter does not meet the password policy set in Windows Server 2003.

As a Server Administrator, you may find yourself in a situation where you need to change this policy, for more complex or simpler passwords to appease corporate users. Below are the default password policy requirements.

Minimum password length:
This security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0.
Default:
7 on domain controllers.
0 on stand-alone servers.

Password Complexity Requirements:
Not contain the user’s account name or parts of the user’s full name that exceed two consecutive characters
Be at least six characters in length
Contain characters from three of the following four categories:
English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphabetic characters (for example, !, $, #, %)
Complexity requirements are enforced when passwords are changed or created.
Default:
Enabled on domain controllers.
Disabled on stand-alone servers.

Maximum password age:
This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If the maximum password age is between 1 and 999 days, the Minimum password age must be less than the maximum password age. If the maximum password age is set to 0, the minimum password age can be any value between 0 and 998 days.
Note: It is a security best practice to have passwords expire every 30 to 90 days, depending on your environment. This way, an attacker has a limited amount of time in which to crack a user’s password and have access to your network resources.
Default: 42.

To Change the Default Password Policy in Windows Server 2003

Select Domain Security Policy from Administrative Tools.
Click on Security Settings > Account Policies > Password Policy.

Right-click on Passwords must meet complexity requirements.

Click Properties from the context menu.

Do not remove the check from the Define this policy setting checkbox.
Select the Disabled option.
(This will allow less complex passwords)

Click the OK button.

Double-click on Minimum Password Length in the right pane.
Enter a new minimum password length. Entering Zero (0) will remove the password requirement.
Do not remove the check from the Define this policy setting checkbox.

Click the OK button.

Close the Default Domain Security Settings window.

Type gpupdate /force at the Command Prompt. This will refresh the security policy without restarting.

Press the Enter.

(5.00 out of 5)

8 Responses to “Windows Server 2003 Password Policy Changes”

  1. Kachinga

    Thank you very much for the info it works for me in less than 10minutes. Please keep on doing the good job. also if possible add your contact email on this site

    Reply
  2. adli ( shadowbane ) & tantawi ( pr0teg )

    THank you so much for your trick to refresh the policy thing…. thank you
    i would like the honour to be your friend because i got such a stupid friend beside me

    Reply
  3. Julia Bushong

    What if you have already removed the check? Your article states “Do not remove the check for the “Define this policy setting” check box”

    What happens if I have removed the checks so these policies are not defined. Now I want to define and enable them. does anything bad happen?

    Please reply…
    thanks,

    Reply
  4. zarc

    just exactly what i needed. i didnt have to try and error. the procedure was straight to the point. keep up the good work guys

    Reply
  5. obinna okoye

    Hi, I just installed a windows server 2003 on a virtual machine and when it restarted, it asked me for an Administrator password. Meanwhile during the installation, I did not specify any password. What password does windows server specify if you dont provide one during installation?? Hope someone can help.

    Reply
  6. Chris Stinson

    Obinna,

    Did you try just pressing ENTER when you logon? Sometimes it still asks for a password even when there is none.

    Did you install using VMWare ESX/Server? If so, try using your password to that.

    But to answer your question, Microsoft does not have a specific default password with Windows 2003.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>