Windows Server 2008 Password Complexity Requirements

by admin on March 10, 2008

I finally got around to installing Windows Server 2008 Standard today.  I performed a Server Core installation, and was suprised how little interaction I had to have with the installer.  It seemed like I answered three or four questions, went to get a Diet Coke, and when I came back the server was at the logon prompt.

During the install process I had not been prompted to provide an Administrator password like I’d experienced during installations of previous Windows Server operating systems.  I entered Administator as the User Name and hit enter, and I was automagically logged onto the server.

Immediately Windows prompted me to change the Administrator password.  I tried reusing a few of my standard passwords, but they kept getting rejected with the following error:

“Unable to update the password.  The value provided for the new password does not meet the length, complexity, or history requirements of the domain”

I tried to create a new password several more time, but nothing worked.  I finally decided to find out what the default password policy requirements were for Windows 2008.

When this policy setting is enabled, users must create strong passwords to meet the following minimum requirements:

  • Passwords cannot contain the user’s account name or parts of the user’s full name that exceed two consecutive characters.
  • Passwords must be at least six characters in length.
  • Passwords must contain characters from three of the following four categories:
  1. English uppercase characters (A through Z).
  2. English lowercase characters (a through z).
  3. Base 10 digits (0 through 9).
  4. Non-alphabetic characters (for example, !, $, #, %).

I thought it was interesting to find the following explanation from the same web page:

“Password must meet complexity requirements -

This policy setting checks all new passwords to ensure that they meet basic requirements for strong passwords. By default, the value for this policy setting in Windows Server 2008 is configured to Disabled, but it is set to Enabled in a Windows Server 2008 domain for both environments described in this guide.”

That was not the behavior I had experienced with my initial install of Windows Server 2008.  This was a core installation and was not a domain member, so why was the policy enabled? 

On another note, when you want to log out of Server Core, simply type logoff

{ 60 comments… read them below or add one }

Leave a Comment

{ 2 trackbacks }

Previous post:

Next post: