How to Disable Complex Passwords In Your Lab with 2008 R2
Many of you who have home virtual labs will have an Active Directory domain as a part of it. While complex passwords can improve security in a production environment, you might not want this complexity in your home lab. Where and how to change this isn’t always intuitive so I thought I’d share a quick tip on how to quickly disable this.
In Windows 2003 there used to be an Administrative Tool called Domain Security Policy where you could quickly do to modify these settings. In 2008 this tool was removed, leaving the Local Security Policy tool, which does allow you to view all the password policies, but you will not be able to modify them. The Local Security Tool was not intended to be used for domain policy but since you can view domain policies (read only) using this tool, it can seem a bit confusing, leaving some to believe that they don’t have access. Fortunately, there’s a very simple workaround — use the domain based Group Policy Management Console (GPMC).
In Administrative Tools, select “Group Policy Management”, edit your default domain policy to your preferences and you’re set. A quick step by step:
1) Under Administrative Tools on your domain controller, run Group Policy Management
2) Drill down to expand your domain and select it. Then in the right pane, edit the Default Domain Policy by right-clicking on it and selecting “edit”
3) A new window has opened for the Group Policy Editor. Expand “Computer Configuration” > “Policies” > “Windows Settings” > “Security Settings” > “Account Policies” > “Password Policies”.
The settings have now been saved, but in order for them to become effective you must either reboot, wait for up to an hour, or manually force a group policy refresh by running “gpupdate /force” at a command prompt.
At this point you should be able to view and edit all of the relevant policies as shown above and edit them to match your preferences for your lab.