Параметр политики «Пароль должен соответствовать требованиям сложности» в Server 2016 определяет минимальные требования при изменении или создании паролей. Правила, включенные в требования к сложности пароля Windows Server, являются частью Passfilt.dll и не могут быть изменены напрямую.
По умолчанию в Server 2016 пароли должны соответствовать следующим минимальным требованиям:
1. Пароли не должны содержать имя учетной записи пользователя или части полного имени пользователя, которые превышают два последовательных символа.
2. Пароли должны быть длиной не менее семи символов.
3. Пароли должны содержать символы из трех следующих четырех категорий:
а. Английские заглавные буквы (от A до Z)
б. Английские строчные буквы (от a до z)
с. Базовые 10 цифр (от 0 до 9)
д. Не алфавитные символы (например,!, $, #,%)
В этом руководстве содержатся инструкции по отключению требований к сложности паролей на автономном сервере 2016 или в контроллере домена Active Directory 2016.
Как удалить требования к сложности паролей в Active Directory Server 2016 или автономном сервере 2016.
Часть 1. Как отключить требования к сложности паролей в Active Directory 2016.
Часть 2. Как отключить требования к сложности паролей на автономном сервере 2016 года.
Часть 1. Как отключить требования сложности пароля в Active Directory Domain Server 2016.
Снять сложность пароля в Active Directory 2016.
1. В контроллере домена AD Server 2016 откройте Диспетчер серверов а затем из инструменты меню, откройте Управление групповой политикой. *
* Кроме того, перейдите к Панель управления -> Инструменты управления -> Управление групповой политикой.
2. Под Домены, выберите свой домен и затем щелкните правой кнопкой мыши в Политика домена по умолчанию и выбрать редактировать.
3. Затем перейдите к:
- Конфигурация компьютера \ Политики \ Параметры Windows \ Параметры безопасности \ Политики учетных записей \ Политика паролей
4. На правой панели дважды щелкните на Пароль должен соответствовать требованиям сложности.
5. Выбрать Определите этот параметр политики: отключено а затем нажмите хорошо.
6. Наконец, откройте командную строку от имени администратора и введите следующую команду, чтобы обновить групповую политику.
- gpupdate / force
Часть 2. Как отключить требования сложности пароля в автономном сервере 2016 года.
1. Из диспетчера сервера перейдите на инструменты и открыть Политика локальной безопасности, или (дополнительно) перейдите к Панель управления открыто Инструменты управления а затем откройте Политика локальной безопасности.
2. Под Настройки безопасности, Выбрать Политика паролей.
3. На правой панели дважды щелкните на Пароль должен соответствовать требованиям сложности.
4. Выбрать инвалид а затем нажмите ХОРОШО.
5. Наконец, откройте командную строку от имени администратора и введите следующую команду, чтобы обновить групповую политику.
- gpupdate / force
Это оно! Дайте мне знать, если это руководство помогло вам, оставив свой комментарий о вашем опыте. Пожалуйста, любите и делитесь этим руководством, чтобы помочь другим.
The «Password must meet complexity requirements» policy setting in Server 2016, determines the minimum requirements when passwords are changed or created. The rules that are included in the Windows Server password complexity requirements are part of Passfilt.dll, and they cannot be directly modified.
By default in Server 2016, passwords must meet the following minimum requirements:
1. Passwords must not contain the user’s account name or parts of the user’s full name that exceed two consecutive characters.
2. Passwords must be at least seven characters in length.
3. Passwords must contain characters from three of the following four categories:
a. English uppercase characters (A through Z)
b. English lowercase characters (a through z)
c. Base 10 digits (0 through 9)
d. Non-alphabetic characters (for example, !, $, #, %)
This tutorial contains instructions on how to turn off the Password Complexity requirements on a Stand-Alone Server 2016 or in a Active Directory Domain Controller 2016.
How to Remove the Password Complexity requirements in Active Directory Server 2016 or a Stand Alone Server 2016.
Part 1. How to Disable Password Complexity requirements in Active Directory 2016.
Part 2. How to Disable Password Complexity requirements on a stand-alone Server 2016.
Part 1. How to Turn Off Password Complexity requirements in Active Directory Domain Server 2016.
To remove the password complexity in Active Directory 2016.
1. In Server 2016 AD Domain Controller, open the Server Manager and then from Tools menu, open the Group Policy Management. *
* Additionally, navigate to Control Panel -> Administrative Tools -> Group Policy Management.
2. Under Domains, select your domain and then right click at Default Domain Policy and choose Edit.
3. Then navigate to:
- Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy
4. At the right pane, double click at Password must meet complexity requirements.
5. Select Define this Policy setting: Disabled and then click OK.
6. Finally, open Command Prompt as Administrator and give the following command to update the group policy.
- gpupdate /force
Part 2. How to Turn Off Password Complexity requirements in a standalone Server 2016.
1. From Server Manager go to Tools and open Local Security Policy, or (additionally), go to Control Panel open Administrative Tools and then open the Local Security Policy.
2. Under Security settings, select Password Policy.
3. At the right pane, double click at Password must meet complexity requirements.
4. Select Disabled and then click OK.
5. Finally, open Command Prompt as Administrator and give the following command to update the group policy.
- gpupdate /force
That’s it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.
This security setting determines whether passwords must meet complexity requirements. Complexity requirements are enforced when passwords are changed or created.
If this policy is enabled, passwords must meet the following minimum requirements when they are changed or created:
Passwords must not contain the user’s entire Account Name value or entire display Name (Full Name) value. Both checks are not case sensitive.
In this tutorial, you will learn how you can disable the password complexity policy on Windows Server 2016.
Remove Password Complexity
1. Open Server Manager from the Start Menu.
2. Click on Tools, and then click on “Group Policy Management”.
3. Right-click of “Default Domain Policy” which it will be located under your domain name and click Edit.
4. Expand the policy Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy, just like the screenshot below.
5. From the right pane do a double-click on the policy named “Password Must Meet Complexity Requirements“.
6. Check on “Disabled” and then click Ok.
7. Close “Group Policy Management” and run CMD as Administrator.
8. Run the below command on your server and also on all the client’s computer so the changes can take effect.
gpupdate /force
9. If you followed our steps correctly you find the result of the CMD command just like the below screenshot.
Disable Password Complexity using PowerShell
1. Run PowerShell as Administrator from the Start Menu.
2. Copy & Paste the below command on the PowerShell window to disable password complexity.
secedit /export /cfg c:\secpol.cfg
(gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg
secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY
rm -force c:\secpol.cfg -confirm:$false
3. Now Password Complexity Policy is disabled successfully.
Summary
After this tutorial, you should be able to know how you can remove a password complexity policy on Windows Server 2016 through the “Group Policy Management” and also through PowerShell.
Windows Server
- 10.12.2014
- 44 351
- 9
- 05.07.2022
- 42
- 38
- 4
- Содержание статьи
- Отключаем требования сложности к паролю через редактор групповых политик
- Комментарии к статье ( 9 шт )
- Добавить комментарий
Начиная с Windows Server 2003, для всех пользователей операционной системы стали предъявляться повышенные требования к сложности пароля. Пароль пользователя должен соответствовать как минимум 3 условиям из списка перечисленного ниже:
- Наличие прописных букв английского алфавита от A до Z;
- Наличие строчных букв английского алфавита от a до z;
- Наличие десятичных цифр (от 0 до 9);
- Наличие неалфавитных символов (например, !, $, #, %)
Отключаем требования сложности к паролю через редактор групповых политик
Если же кто-то находит все эти сложности лишними, то это весьма легко отключается. Для этого нужно проделать действия описанные ниже.
- Открываем «Выполнить» (Пуск — Выполнить или поочередно зажимаем клавиши Win+R), после чего набираем gpedit.msc и жмем ОК.
- В левой панели выбираем Конфигурация компьютера — Конфигурация windows — Параметры безопасности — Политики учетных записей — Политика паролей. Там выбираем пункт «Пароль должен отвечать требованиям сложности».
- Открываем настройки данного параметра, щелкнув по нему два раза. Выбираем «Отключен».
- Нажимаем на кнопку «ОК» для сохранения изменений.
What is Password Policy?
Password policy is the policy which is used to restrict some credentials on windows server 2016 and previous versions of Server 2012, 2008 and 2003.
A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy is often part of an organisation’s official regulations and may be taught as part of security awareness training. The password policy may either be advisory or mandated by technical means. Some governments have national authentication frameworks that define requirements for user authentication to government services, including requirements for passwords. So follow the under instructions to know how to configure password policy with windows server 2016. “Wikipedia”
How to Configure Password Policies with Windows Server 2016?
You can open up Group Policy Management Editor into three various ways.
First Method: press windows key and type control panel and now select administrative tools and then select local security policy. A new window will pop up, click account policies, Password Policy. Here you will see about six policies. If you don’t want to use the graphical way just type gpedit.msc on the RUN window then hit enter. Now go to this path. Computer Configuration/Windows Settings/Security Settings/Password Policy.
Local Group Policy Editor
Second Method: If you don’t want to use the graphical way just type gpedit.msc on the RUN window then hit enter. Now go to this path. Computer Configuration>Windows Settings>Security Settings>Password Policy.
Group Policy Editor
Third Method: Open Server Manager and click on Tools. Scroll down until you see the GPO (Group Policy Management). Right, click on the Domain then choose Edit. Now you will see the same window as before. Go to Computer Configuration> Windows Settings> Security Settings> Password Policy.
These were three different ways that you can apply password policy on the network computers.
What is Enforce Password History?
Enforce password history is the policy that doesn’t allow the users to use the same password for many times. For example, Once your Device password is Admin, and for the next time, you can’t use this password for login on your computer. After some months or year, it may expire. When it is expired, so you must use another password. Here I have set it to 10 times. It means that I can’t use my old password less than 10 times. In ten times, I must use a different password. After 10 times, I can use my first password. For more information, look at the chart below.
Enforce Password History rules
What is Maximum password Age?
This security setting determines the time in days that a password can be used before the system requires the user to change it. You can set passwords to expire after several days between 1 to 999, or you can specify that passwords never expire by setting the number of days to 0 if the maximum password age is between 1 and 999 days. The minimum password age must be less than the maximum password age if the maximum password age is set to 0. The minimum password age can be any value between 0 and 998 days.
Maximum Password Age
Note: It is a security best practice to have passwords expire every 30 to 90 days, depending on your environment. This way, an attacker has a limited amount of time to crack a user’s password and have access to your network resources.
What is the Minimum Password Age?
The minimum password age must be less than the maximum password age unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 to 998. It’s vital that you have to use the minimum password age. If you don’t use, the user may cycle the password history till they get their old favourite password. If you set the minimum password age, so they will not change their password quickly.
Minimum Password Age
What is the Minimum Password Length?
This is security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or establish that no password is required by setting the number of characters to 0. Here I have set up to 8 characters. Mostly you see this policy on websites or social accounts.
Minimum Password Length
What are Password Complexity Requirements?
If this policy is enabled, passwords must meet the following minimum requirements.
- Be at least six characters in length
- Contain characters from three of the following four categories
- English uppercase letters (A through Z)
- English Lowercase letters (a through z)
- Base 10 digit (0 through 9)
- Non-alphabetic characters ( !,@,#,$,%&,*)
Password Must Meet Complexity Requirements
It’s beneficial and restricts vulnerabilities. You can see this policy when you create an Apple ID.
Store Passwords Using Reversible Encryption
This policy provides support for applications that use protocols that require knowledge of the user’s password for authentication purposes. Storing passwords using reversible encryption is essentially the same as storing plaintext versions of the passwords. For this reason, this policy should never be enabled unless application requirements outweigh the need to protect password information. I should tell you when you enabled this option; it will encrypt the password and no-one can access your password very easily.
Store Passwords Using Reversible Encryption
It was all about how to configure password policies with windows server 2016. It does not only work on windows server 2016 but also work on later versions. Thanks for being with us.