How to Change Active Directory Password Policy in Windows Server 2008

September 24, 2012 updated by Admin Leave a reply »

When setting up a new Windows Server 2008 server with Active Directory you will discover that you are not allowed to edit the default domain policy. You can use complex passwords to meet the default password policy, but sometimes you may need to continue using simple passwords, edit or disable the strong password policy, what should you do next?

Here is the step-by-step guide to change Active Directory password policy in Windows Server 2008. You need to log on domain controller using administrative account so you have sufficient privileges to make the change.

How to Change Active Directory Password Policy in Windows Server 2008?

  1. Click Start, click Administrative Tools, and then click Group Policy Management.

  2. Under Group Policy Management window, go to Forest > Domains > {your domain} > Default Domain Policy, click on the Settings tab you can see the default password policy applied to your domain user accounts.

    Unfortunately, there is no option for you to edit or change the default domain policy. The only way to change your password policy is to create a new domain policy to overwrite the default domain policy.

  3. To create a new domain policy, please click on your domain name in the left panel, then select Create a GPO in this domain, and Link it here….

  4. Now right-click on the domain policy you’ve created and then click Edit.

  5. In the appearing window, go to Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
  6. You can double-click on the Password must meet complexity requirements in the right pane to disable the setting, or double-click on Minimum password length to change the password requirement, and so on.
  7. After you complete the editing of your domain policy, right-click on your new domain policy and tick the Enforced and Link Enabled to make your changes to take effect.