Active Directory

Disable Password Requirements in Windows Server 2003 Domains

How can I disable the password requirement for a user in a Windows Server 2003 Active Directory domain?

Windows Server 2003 provides security policies that ensure that all users select strong passwords. Creating a password policy involves setting the following options in the Default Domain Group Policy object. These policies, with the exception of those settings related to password lifetime, are enforced on all users in a domain.

The default password filter (Passfilt.dll) included with Windows Server 2003 requires that a password:

  • Is not based on the user’s account name.
  • Contains at least six characters.
  • Contains characters from three of the following four categories:
    • Uppercase alphabet characters (A–Z)
    • Lowercase alphabet characters (a–z)
    • Arabic numerals (0–9)
    • Nonalphanumeric characters (for example, !$#,%)

As stated above, this policy is enabled by default.

On some occasions, such as testing, lab-building, classes and so on, you might want to disable this built-in requirement.

Security Warning: Bear in mind that this setting can only be enabled or disabled at the domain level, and NOT at the OU level. Disabling the password requirement for an entire domain will lower your security configuration, and should only be done when absolutely necessary.

To disable this requirement, you need to edit the Default Domain Policy for your domain.
Go to the Administrative Tools folder.
Double-click the Default Domain Security Policy icon.
Note: If for any reason you don't see that icon, you can still edit the Default Domain Group Policy from the AD Users and Computers snap-in, or from a GPMC window (if you have GPMC installed).
Navigate to Security Settings > Account Policies > Password Policy.
Right-click on the Minimum Password Length option in the right pane and select Properties.

Keep the V (the check mark) on the Define Setting check box selected! Do not remove the V from that check box. Removing the V will cause the GPO to revert to the default setting, which is what we are trying to remove in the first place.
Enter 0 (zero) for the number of minimum characters required in a password.

Now double-click on the Passwords Must Meet Complexity Requirements option in the right pane.

Again, do not remove the V from that check-box. Instead, select Disabled.

Click OK all the way out and close the GPO window.

To refresh the policy, type the following command in a CMD window and press ENTER:

    gpupdate /force
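
To confirm what is actually being enforced after the refresh, or to catch this lab setting in a domain where it does not belong, the following PowerShell sketch parses a `secedit /export` security template and reports the two settings changed above. It is an added example, not part of the original article: the function name and the sample export are constructed for illustration, and it assumes PowerShell is installed (Windows Server 2003 does not include it by default) and that the export is taken on a domain controller.

```powershell
# Added example: report the two password settings from a secedit export.
function Get-PasswordPolicyFinding {
    param([string[]]$InfLines)

    # Collect "key = number" pairs from the [System Access] section only.
    $inSection = $false
    $values = @{}
    foreach ($line in $InfLines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'System Access')
        } elseif ($inSection -and $t -match '^(\w+)\s*=\s*(-?\d+)$') {
            $values[$Matches[1]] = [int]($Matches[2])
        }
    }

    # The two settings the procedure above sets to 0 / Disabled.
    foreach ($name in 'MinimumPasswordLength', 'PasswordComplexity') {
        if (-not $values.ContainsKey($name)) {
            $status = 'not present in export'
        } elseif ($values[$name] -eq 0) {
            $status = 'WEAKENED (set to 0)'
        } else {
            $status = 'set (nonzero)'
        }
        New-Object PSObject -Property @{
            Setting = $name; Value = $values[$name]; Status = $status
        }
    }
}

# Constructed sample of an export taken after the change described above.
$sample = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
[Event Audit]
AuditSystemEvents = 0
'@ -split "`r?`n"

Get-PasswordPolicyFinding $sample | Format-Table Setting, Value, Status -AutoSize

# Against a live system (elevated prompt):
#   secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY
#   Get-PasswordPolicyFinding (Get-Content "$env:TEMP\secpol.inf")
```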

