Password Complexity and Domain Polices
17 May 2002, 02:22 PM
#1
Scooby Regular
Thread Starter
Join Date: Oct 2001
Location: Lovely Lancing in West Sussex
Posts: 3,449
Likes: 0
Received 0 Likes
on
0 Posts
Let’s set the picture. 2 Windows 2000 Advanced Servers (DC's) 20 Windows 2000 and XP workstations.
We have a Domain policy on our 2 W2K DC's in the AD - Password Complexity. We have this enabled so that all domain user accounts have to comply with this Policy (as expected).
All the local workstations have a generic local administrator password that is only known to our Operations group (me, few other techies and my technical director).
The generic workstation password does not comply with the domain policy, as the password is entered during the build sequence, this bypasses the Domain Policy, as it is not on the domain (at the time of setting the password). Still with me
The problem we have is that an ex-member of staff (a member of the Operations team) changed some one of the local admin passwords on a few of the workstations
Whilst we do know the passwords we want to change them back to the generic password again, but Windows will not allow this as the generic password does not meet the requirements of the Domain Policy. I tried removing the effected machines from the Domain and placing them in another Domain and then tried changing the password back, but it did not work, Windows complains about the Password Complexity rules.
Is there a few to get around this other than re-building the box? I don't really want t turn of the policy in the AD on the 2 Servers.
If this is badly worded or does not make a slight bit of sense then let me know and I will elaborate some more.
Many thanks
Darren
We have a Domain policy on our 2 W2K DC's in the AD - Password Complexity. We have this enabled so that all domain user accounts have to comply with this Policy (as expected).
All the local workstations have a generic local administrator password that is only known to our Operations group (me, few other techies and my technical director).
The generic workstation password does not comply with the domain policy, as the password is entered during the build sequence, this bypasses the Domain Policy, as it is not on the domain (at the time of setting the password). Still with me
The problem we have is that an ex-member of staff (a member of the Operations team) changed some one of the local admin passwords on a few of the workstations
Whilst we do know the passwords we want to change them back to the generic password again, but Windows will not allow this as the generic password does not meet the requirements of the Domain Policy. I tried removing the effected machines from the Domain and placing them in another Domain and then tried changing the password back, but it did not work, Windows complains about the Password Complexity rules.Is there a few to get around this other than re-building the box? I don't really want t turn of the policy in the AD on the 2 Servers.
If this is badly worded or does not make a slight bit of sense then let me know and I will elaborate some more.
Many thanks
Darren
18 May 2002, 09:52 AM
#3
Scooby Regular
Thread Starter
Join Date: Oct 2001
Location: Lovely Lancing in West Sussex
Posts: 3,449
Likes: 0
Received 0 Likes
on
0 Posts
That is true, yes. All the passwords should really comply with the policy, but the director is set in his ways and wants them to stay.
Can anybody help?
Darren
Can anybody help?
Darren
18 May 2002, 10:03 AM
#4
Take the machine out of the domain and into its own workgroup.
Log in as the local administrator,
start -> run -> mmc <press enter>
go to file -> add/remove snap-in
press add, and select, group policy, and choose local machine.
Go to: Local Computer Policy -> Windows Settings -> Security Settings -> Account Policies -> Password Policy
and disable the "Password must meet complexity requirements" and, change the "minimum password length" to 0
[Edited by ChristianR - 5/18/2002 10:05:30 AM]
Log in as the local administrator,
start -> run -> mmc <press enter>
go to file -> add/remove snap-in
press add, and select, group policy, and choose local machine.
Go to: Local Computer Policy -> Windows Settings -> Security Settings -> Account Policies -> Password Policy
and disable the "Password must meet complexity requirements" and, change the "minimum password length" to 0
[Edited by ChristianR - 5/18/2002 10:05:30 AM]
20 May 2002, 12:50 PM
#7
Scooby Regular
Thread Starter
Join Date: Oct 2001
Location: Lovely Lancing in West Sussex
Posts: 3,449
Likes: 0
Received 0 Likes
on
0 Posts
Sorry Christian, I was a tad busy until now.
Once I removed the machines from our 'main' domain and put them in a test domain and disabled the password policy it worked a treat.
Thanks for you help mate.
Regards
Darren
Once I removed the machines from our 'main' domain and put them in a test domain and disabled the password policy it worked a treat.
Thanks for you help mate.
Regards
Darren
Thread
Thread Starter
Forum
Replies
Last Post
JackClark
Computer & Technology Related
7
17 September 2015 04:23 PM