Windows Server 2008 Password Complexity Requirements

I finally got around to installing Windows Server 2008 Standard today.  I performed a Server Core installation, and was surprised how little interaction I had to have with the installer.  It seemed like I answered three or four questions, went to get a Diet Coke, and when I came back the server was at the logon prompt.

During the install process I had not been prompted to provide an Administrator password like I’d experienced during installations of previous Windows Server operating systems.  I entered Administrator as the User Name and hit enter, and I was automagically logged onto the server.

Immediately Windows prompted me to change the Administrator password.  I tried reusing a few of my standard passwords, but they kept getting rejected with the following error:

“Unable to update the password.  The value provided for the new password does not meet the length, complexity, or history requirements of the domain”

I tried to create a new password several more times, but nothing worked.  I finally decided to find out what the default password policy requirements were for Windows 2008.

When this policy setting is enabled, users must create strong passwords to meet the following minimum requirements:

  • Passwords cannot contain the user’s account name or parts of the user’s full name that exceed two consecutive characters.
  • Passwords must be at least six characters in length.
  • Passwords must contain characters from three of the following four categories:
      1. English uppercase characters (A through Z).
      2. English lowercase characters (a through z).
      3. Base 10 digits (0 through 9).
      4. Non-alphabetic characters (for example, !, $, #, %).
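
The three rules above, written out as a checker. This is an added example, not Microsoft's implementation and not part of the original post; treating category 4 as ASCII punctuation only and splitting the full name on separators into "parts" are assumptions of this sketch, and the sample passwords are constructed.

```python
import re
import string

MIN_LENGTH = 6                      # "at least six characters" per the list above
SYMBOLS = set(string.punctuation)   # assumption: category 4 = ASCII punctuation only
NAME_SEPARATORS = r"[,\.\-_\s#]+"   # assumption: how a full name splits into "parts"


def char_categories(password):
    """Return which of the four categories appear in the password."""
    found = set()
    for ch in password:
        if "A" <= ch <= "Z":
            found.add("upper")
        elif "a" <= ch <= "z":
            found.add("lower")
        elif "0" <= ch <= "9":
            found.add("digit")
        elif ch in SYMBOLS:
            found.add("symbol")
    return found


def name_parts(account_name, full_name):
    """Account name plus full-name tokens longer than two characters."""
    parts = [account_name] + re.split(NAME_SEPARATORS, full_name)
    return [p.lower() for p in parts if len(p) > 2]


def check_password(password, account_name, full_name=""):
    """Return a list of rule violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(char_categories(password)) < 3:
        problems.append("fewer than three character categories")
    lowered = password.lower()
    if any(part in lowered for part in name_parts(account_name, full_name)):
        problems.append("contains account or full name")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, checked for the built-in Administrator account.
    for pw in ["letmein", "Admin1", "Administrator1!", "Summer2008", "secret12\u00a7"]:
        print(f"{pw!r}: {check_password(pw, 'Administrator') or 'accepted'}")
```

A value such as Summer2008 is accepted by these rules, so the policy sets a floor on character variety and says nothing about how guessable a password is.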

I thought it was interesting to find the following explanation from the same web page:

“Password must meet complexity requirements -

This policy setting checks all new passwords to ensure that they meet basic requirements for strong passwords. By default, the value for this policy setting in Windows Server 2008 is configured to Disabled, but it is set to Enabled in a Windows Server 2008 domain for both environments described in this guide.”

That was not the behavior I had experienced with my initial install of Windows Server 2008.  This was a core installation and was not a domain member, so why was the policy enabled? 

On another note, when you want to log out of Server Core, simply type logoff.

31 Responses to “Windows Server 2008 Password Complexity Requirements”

  2. SIOK Online - MVP Says:

    Same thing here. Downloaded the MSDN version, burned iso to dvd, and was prompted for a key. Tried the one that I was given for all versions, and it didn’t work.

    Then I remembered NOT to enter the key, to be prompted to choose the version to install. I chose ENTERPRISE (Full) and had the same thing happen.

    I found this page, which explains it clearly, but I thought I’d add the other part!

  3. inconspicuous Says:

    How do you go about disabling it? It seems that our installation is enabled by default and we’d like to get rid of it.

  4. Look Up Says:

    It’s in the technet article, but here’s the info from the jump

    You can configure the password policy settings in the following location in the Group Policy Object Editor:

    Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy

  5. junior Says:

    I forget my windows 2008 server password, please help.

  6. Julie Says:

    Junior-

    You may try Locksmith, a part of Microsoft Diagnostics and Recovery Toolset. You can find the Toolset at http://www.microsoft.com/downloads/details.aspx?FamilyID=5d600369-0554-4595-8ab4-c34b2860e087&DisplayLang=en

    I’ve used Locksmith successfully on client computers before, but never on a Windows 2008 Server, so make sure you know what the risks are.

    -Julie

  7. Mirko Says:

    how to disable password complexity policy in 2008 core??
    thanks

  8. divyesh Says:

    what is a default administrator password in server 2008?

    please help

  9. Sri Says:

    If you’re on a stand-alone machine (no AD etc) and dealing with only local accounts, you can enable/disable the policy from:

    Administrative Tools -> Local Security Policy -> Account Policies -> Password Policy.

    However, you don’t have a lot of settings to work with there. Oh… that’s the GUI way (2008 Standard)… I don’t know the command-line way to do that.

  10. yap Says:

    My server 2008 standard are create the new tree domain, I has follow the step to change the password policy, but is fail to change the “enforce password history” and all the policy setting.

    Is the server disable the password policy and I cannot add my user at active directory domain user.

    Please help me, is very urgent.

    Thank.

  11. vdc Says:

    hey everyone! try ” P@ssw0rd ” without the quotes… should work just fine :) it contains all four types of characters.

    take care,
    vdc

  12. Indu Says:

    Dear Friend,
    I have a problem when relogin by pressing Alt+Ctrl+Delete.
    I am running the Windows Server 2008 in the Virtual PC and that Virtual PC has been hosted in Windows XP System.
    When I press Alt+Ctrl+Delete to re-login, it is popped up the windows task manager of the host system instead of letting me relogin in Win Server 2008 system. Though I am working in the Virtual Machine, as soon as I pressed those three keys, it is straightaway switched back to the host Win XP system and popping up its task manager.

    Please help me to fix this problem.
    Regards
    Indu

  13. David Says:

    Try using CTRL-ALT-END instead of CTRL-ALT-DEL.

    David

  14. David Says:

    Good job guys! Interesting article, adding it to my favourites!
    Best wishes, David.

  15. maxium Says:

    is it possible to use windows server 2008 as standalone server with ad?

    or need to use another domain controller to join it?

  16. Luc Says:

    Complexity requirements, or INcomplexity requirements?
    My password matches what these requirements demand, yet I got the same message.
    It contains letters, digits and a UNICODE non-alphanumeric character (alt+3 digit number) which makes it far more secure (the classic brute force password scanners never include unicode because it would take them aeons to complete), it exceeds the minimum length, yet server 2008 refused it as not meeting the complexity requirements.
    I had to add one more character from what it considers “non-alphabetic characters”. Apparently they created a list of what non-alphabetic characters are accepted for group 4, instead of defining it as “anything except A-Z, a-z and 0-9”.

  17. Zivuku James Says:

    I have just installed windows server 2008 standard on my new server. Unfortunately, it's not allowing me to log in rather requesting me to change my password at first log in. I have put the password that I believe is valid but it's rejecting it with this message
    “Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain”
    Guys can you give me advice,

    James.

  18. Zivuku James Says:

    Ehee guys the solution is “p@ssw0rd” I got it right, thank you brother VDC.

  19. Hồ Công Trưởng Says:

    I have just installed windows server 2008 standard on my new server. Unfortunately, it's not allowing me to log in rather requesting me to change my password at first log in. I have put the password that I believe is valid but it's rejecting it with this message
    “Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain”
    Guys can you give me advice,

  20. singo Says:

    thankz so much VDC. “p@ssw0rd” its really work, well done!.

  21. sunny Says:

    I followed this and really my problem is solved
    thanks
    I take a password- AS12as23

  22. RyGuy Says:

    I am surprised at all of the trouble everyone here is having coming up with a sufficient password! I would think if one is “tech savvy” enough to require/desire Server 2008 (or any server OS for that matter) he should at the very least be able to follow the simple directions for creating a secure password. Instead you all now have the same password. Sad really…

  23. Zahraine Says:

    Can we fully disable the password for 2008 server. Really irritating when it always ask to change password every 30 days

  24. The GUI-Guy Says:

    For the 2008 Server Core. To lift the password complexity:

    secedit /export /cfg C:\new.cfg

    Then you edit new.cfg (it is ini format) and change line “PasswordComplexity = 1” to “PasswordComplexity = 0”.

    Apply it on Hyper-V server with:

    secedit /configure /db %windir%\security\new.sdb /cfg C:\new.cfg /areas SECURITYPOLICY
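
To confirm what a host is actually enforcing, or to catch one where complexity has been switched off as in the comment above, the file written by secedit /export can be checked against a baseline. The Python below is an added example, not part of the original comments; the baseline values and the sample export text are constructed, and it assumes the export has already been read into a string (real exports are normally UTF-16, so open the file with that encoding).

```python
import configparser

# Assumption: baseline chosen for this example (complexity on, length >= 6).
BASELINE = {"PasswordComplexity": 1, "MinimumPasswordLength": 6}

# Constructed sample of an exported policy with complexity turned off.
SAMPLE = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""


def load_system_access(text):
    """Parse the [System Access] section of a secedit export."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str              # keep key case as secedit wrote it
    parser.read_string(text.lstrip("\ufeff"))
    if not parser.has_section("System Access"):
        return {}
    return dict(parser["System Access"])


def audit(text):
    """Return one finding per setting that is missing or below BASELINE."""
    settings = load_system_access(text)
    findings = []
    for key, minimum in BASELINE.items():
        raw = settings.get(key)
        if raw is None:
            findings.append(f"{key}: not present in export")
        elif not raw.strip().lstrip("-").isdigit():
            findings.append(f"{key}: unreadable value {raw!r}")
        elif int(raw) < minimum:
            findings.append(f"{key} = {int(raw)} (baseline {minimum})")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```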

  25. Mamoun Says:

    worked for me too, thanks a lot.

  26. Raymond Says:

    awesome! thx i really needed this

