Change Local Administrator password complexity requirements …

I recently had reason to reset the Local Administrator password to one that did not satisfy the local security policy complexity requirements. This server had already been joined to the domain. Firstly, I logged on as local administrator and tried to change the password complexity requirement here:

Administrative Tools > Local Security Policy > Account Policies > Password Policy

The setting could not be changed as options were grayed out. Although I suspected it was due to being joined to AD and I could remove server from AD, change password complexity and add to AD again, I decided to search for another way. After some looking I came across this page on Spiceworks:

In particular, these instructions from IgnaceQ:

Go to a command prompt and Type 'secedit /export /cfg c:\local.cfg'
Edit c:\local.cfg
Look for the line "PasswordComplexity = 1" and change it to "PasswordComplexity = 0"
Save the file
At a command prompt type 'secedit /configure /db %windir%\security\local.sdb /cfg c:\local.cfg /areas SECURITYPOLICY

This worked for me also. Don’t know if it will persist after a restart but will check soon.

[Ed : 20140829 : Thought I should add here that while it worked across restarts, it may have messed up some other stuff although I am not 100% sure. For example, after making this change and restarting, the vCenter service would not start no matter what I did. As we have a relatively simple vSphere + vCentre environment, I ended up reinstalling OS + applications. In this case, I changed the local user password policy before joining the server to the domain.]


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: