Password rules on Windows 2003

Hi everyone,

I just installed Windows 2003 and AD on a test system and noted by defualt
when I create a new user 2003 wont let me use a "simple" password. Is there
a way to turn that off. I know it's not a good idea, but this is JUST a
test system and I just want to know how to do it. "Password Policy" is set
to "Not Defined" everywhere that I can find it.

Thanks for any help.


Clayton

Oh by the way, the user is allowed to "Log on locally" and can do that just
fine.


Clayton



"Clayton Sutton" <(E-Mail Removed)> wrote in message
news:OP9ih%(E-Mail Removed)...
> Hi everyone,
>
> I just installed Windows 2003 and AD on a test system and noted by defualt
> when I create a new user 2003 wont let me use a "simple" password. Is
there
> a way to turn that off. I know it's not a good idea, but this is JUST a
> test system and I just want to know how to do it. "Password Policy" is
set
> to "Not Defined" everywhere that I can find it.
>
> Thanks for any help.
>
>
> Clayton
>
>

There are to places where you can set password preferences:

1. Local Security Policy > Account Policies > Password Policy.
Disable "Password must meet complexity..."
This affects local accounts, but it may be overriden with group policy if
computer is memeber of domain.

2. Domain Security Policy. Same settings as above.
This affects domain accounts.

3. Never use blank passwords because WS2003 will not alow you to access
shared resources.

Dusko Savatovic

"Clayton Sutton" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Oh by the way, the user is allowed to "Log on locally" and can do that
> just
> fine.
>
>
> Clayton
>
>
>
> "Clayton Sutton" <(E-Mail Removed)> wrote in message
> news:OP9ih%(E-Mail Removed)...
>> Hi everyone,
>>
>> I just installed Windows 2003 and AD on a test system and noted by
>> defualt
>> when I create a new user 2003 wont let me use a "simple" password. Is
> there
>> a way to turn that off. I know it's not a good idea, but this is JUST a
>> test system and I just want to know how to do it. "Password Policy" is
> set
>> to "Not Defined" everywhere that I can find it.
>>
>> Thanks for any help.
>>
>>
>> Clayton
>>
>>
>
>

Why not just update your personal standards and start using P@ssw0rd as your
new default password for non-production systems? It's easy to remember and
meets the default complexity requirements.

(Sometimes, it's just easier to not fight the current...just swim with it)

--
Ryan Sokolowski
MCSE, CCNA, CCDA, BCFP
Avanade
http://www.Avanade.com

"A troubleshooter's best tool is the Event Viewer and understanding the
events and messages contained therein."

This posting is provided "AS IS" with no warranties, and confers no rights.

"Dusko Savatovic" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> There are to places where you can set password preferences:
>
> 1. Local Security Policy > Account Policies > Password Policy.
> Disable "Password must meet complexity..."
> This affects local accounts, but it may be overriden with group policy if
> computer is memeber of domain.
>
> 2. Domain Security Policy. Same settings as above.
> This affects domain accounts.
>
> 3. Never use blank passwords because WS2003 will not alow you to access
> shared resources.
>
> Dusko Savatovic
>
> "Clayton Sutton" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Oh by the way, the user is allowed to "Log on locally" and can do that
>> just
>> fine.
>>
>>
>> Clayton
>>
>>
>>
>> "Clayton Sutton" <(E-Mail Removed)> wrote in message
>> news:OP9ih%(E-Mail Removed)...
>>> Hi everyone,
>>>
>>> I just installed Windows 2003 and AD on a test system and noted by
>>> defualt
>>> when I create a new user 2003 wont let me use a "simple" password. Is
>> there
>>> a way to turn that off. I know it's not a good idea, but this is JUST a
>>> test system and I just want to know how to do it. "Password Policy" is
>> set
>>> to "Not Defined" everywhere that I can find it.
>>>
>>> Thanks for any help.
>>>
>>>
>>> Clayton
>>>
>>>
>>
>>
>
>

One sometimes must set the policy to define and disabled
in order to shut it off. Then one can if desired set it to not
defined.
Well, that is how to do it, but of course you know it is better
not to do so. Use a passphrase - easy to remember, natural
to type, too long for feasible crack

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA, MCSE W2k3+W2k+Nt4
"Clayton Sutton" <(E-Mail Removed)> wrote in message
news:OP9ih%(E-Mail Removed)...
> Hi everyone,
>
> I just installed Windows 2003 and AD on a test system and noted by defualt
> when I create a new user 2003 wont let me use a "simple" password. Is
> there
> a way to turn that off. I know it's not a good idea, but this is JUST a
> test system and I just want to know how to do it. "Password Policy" is
> set
> to "Not Defined" everywhere that I can find it.
>
> Thanks for any help.
>
>
> Clayton
>
>

Doing the right thing is usually not easy, or everyone would have no
problems doing it consistently.

It's about the threats right? If this machine is not networked, it could
matter less in most cases. If the machine is connected to the internet or a
shared network where unknown/untrusted people can see it, then having a
predictable password (and your's is in a dictionary) is almost as effective
as a blank password. It will keep the n00bs out, but attackers and skiddies
using dictionary attacks will not be thwarted.

This is not the advice I expect to see from a large partner such as Avanade.
I wonder if the Fellows at Avanade would agree with you.....




"Ryan Sokolowski [Avanade]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Why not just update your personal standards and start using P@ssw0rd as
> your new default password for non-production systems? It's easy to
> remember and meets the default complexity requirements.
>
> (Sometimes, it's just easier to not fight the current...just swim with it)
>
> --
> Ryan Sokolowski
> MCSE, CCNA, CCDA, BCFP
> Avanade
> http://www.Avanade.com
>
> "A troubleshooter's best tool is the Event Viewer and understanding the
> events and messages contained therein."
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> "Dusko Savatovic" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> There are to places where you can set password preferences:
>>
>> 1. Local Security Policy > Account Policies > Password Policy.
>> Disable "Password must meet complexity..."
>> This affects local accounts, but it may be overriden with group policy if
>> computer is memeber of domain.
>>
>> 2. Domain Security Policy. Same settings as above.
>> This affects domain accounts.
>>
>> 3. Never use blank passwords because WS2003 will not alow you to access
>> shared resources.
>>
>> Dusko Savatovic
>>
>> "Clayton Sutton" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Oh by the way, the user is allowed to "Log on locally" and can do that
>>> just
>>> fine.
>>>
>>>
>>> Clayton
>>>
>>>
>>>
>>> "Clayton Sutton" <(E-Mail Removed)> wrote in message
>>> news:OP9ih%(E-Mail Removed)...
>>>> Hi everyone,
>>>>
>>>> I just installed Windows 2003 and AD on a test system and noted by
>>>> defualt
>>>> when I create a new user 2003 wont let me use a "simple" password. Is
>>> there
>>>> a way to turn that off. I know it's not a good idea, but this is JUST
>>>> a
>>>> test system and I just want to know how to do it. "Password Policy" is
>>> set
>>>> to "Not Defined" everywhere that I can find it.
>>>>
>>>> Thanks for any help.
>>>>
>>>>
>>>> Clayton
>>>>
>>>>
>>>
>>>
>>
>>
>
>