How to edit the password policy on Windows Server 2008 R2 or Windows 2012

It’s not possible directly to edit the password policies in AD setup both in Windows 2008 and 2012 environment. Before doing the changes have a look into the current settings, and backup if necessary. To check the currents settings, type ‘gpedit.msc’ in command prompt and then navigate to  ‘Computer SettingsWindows SettingsSecurity SettingsAccount PoliciesPassword Policy’ section.

localsecpolicyMost of the times the settings will be greyed out (disabled), if it’s greydout here how we can change it.

  1. Go to a command prompt
  2. Type ‘secedit /export /cfg c:local.cfg‘ and hit enter
  3. Using notepad, edit c:local.cfg (keep a backup if required)
  4. Look for the line which you want to edit. For eg. “PasswordComplexity = 1” and change it to “PasswordComplexity = 0”
  5. Save the file
  6. At a command prompt type ‘secedit /configure /db %windir%securitylocal.sdb /cfg c:local.cfg /areas SECURITYPOLICY

This will apply the new settings and refreshing the gpedit.msc should reflect the new settings
Set your new less complex password!



Leave a Reply

Your email address will not be published. Required fields are marked *