Password complexity problem

M

Monty51

New to the forums here.

I've tried searching the forums for "password complexity" and got nothing returned, so here's my problem:

I administer a small network of Win XP Pro systems (3) that are on a stand-alone network. No one at the installation that installed those systems is around anymore, so I'm figuring this out as I go. I am moderately versed in Windows administration, although my forte is Unix admin.

I'm trying to change the password on the one user that's common to all systems. Active Directory is not in use here, and the one user mentioned is the only user on the system, aside from Administrator. I've attempted to change the user's password only to be met with the message that the password doesn't meet complexity requirements. Since no one knows how that complexity is defined, I disabled the complexity requirement in secpol.msc, but to no avail. Going a little further, I've disabled complexity, set min length to 5, min and max age to zero...basically opened up the password policy to something akin to porous.

But I still can't set this user's password to anything less than horrendously complex (14 characters min, numbers and special characters required) without getting the "complexity" message again.

I'm missing something, but I don't know where else to look. Does anyone have any suggestions?

thanks,
Monty51
 
I looked at the information and links you provided (thank you). I've seen them before and accomplished much of that already, but there was some new info in the articles on the search page, but alas, no joy. I still can't seem to obliviate the complexity issue. I'd like remove all restrictions now, just to find the source of this problem, then reinstate restrictions as appropriate.

I'll keep digging, but thanks for your input.
 
No hack required. You can take the systems out of the domain so they can join a normal Workgroup. Go Start and Run and in the Open box, type cmd /k dcpromo and hit the Enter key. A wizard will start and you follow the steps, agreeing to ditch the Active Directory on the way. When you restart, the domain will be history and you can start from a normal login. Removing the Control/Al/Delete at login is a simple exercise if it survives shaking off the domain and typing Control Userpasswords2 in the Open box will give you a better form of dialogue box than the usual Control Panel>User Accounts route.

above from HERE, does it help?
 
Active Directory is not an issue: it's not installed or in use by any system (all three of them) on this network. As for resetting a domain password, I'm under the assumption that since AD is not being used, there is no domain to consider. Am I correct on that? Remember, Unix is my forte, not Windows.
 
hmm... I am not to clear on networks or passwords

can you change all the settings in group policy and secpol to undefined versus enable or disable??

I have xp pro and since only my admin account has a password, plus only having one computer, I have not run into this error.
 
To bad MS has discarded your worth and won't help.
If you are getting into your stored data, copy it and wipe the disk and re load XP
what the heck, your getting paid by the hour :):):):)
 
Elizabeth23 said:
hmm... I am not to clear on networks or passwords

can you change all the settings in group policy and secpol to undefined versus enable or disable??

I have xp pro and since only my admin account has a password, plus only having one computer, I have not run into this error.
Click to expand...
I've already disabled as much as I dare. I think the only thing I haven't done is removed password length limitations. Everything else is 0 or disabled.
 
Elizabeth23 said:
Everything else is 0 or disabled.

I want you to put everything to UNDEFINED, not disabled and/or enabled.
Click to expand...
I don't have an 'undefined' option. Everything is 'enabled', 'disabled', or requires a number, such as password age. I'm using Win XP Pro. Are we talking about the password policy settings from secpol.msc?
 
I have xp pro also and see attached pix for how mine is set up, though it is not on a network:
 

Attachments

  • secpol.JPG
    secpol.JPG
    51.1 KB · Views: 242
Elizabeth23 said:
I have xp pro also and see attached pix for how mine is set up, though it is not on a network:
Click to expand...
Except for the minimum length (which I've set to 5), I have everything set like you have it. Still can't get past the complexity problem, but thanks for your interest.
 
https://www.microsoft.com/en-us/download/details.aspx?id=8442

Microsoft Platform Software Development Kit for xp

-------------------------------

Passwords must meet complexity requirements of the installed password filter

Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy


Description

Determines whether passwords must meet complexity requirements.


By default, this setting is disabled in the Default Domain Group Policy object (GPO) and in the local security policy of workstations and servers.


If this policy is enabled, then passwords must meet the minimum requirements described in the Notes section.


IC159172.gif
Notes


The default password filter (passfilt.dll) included with Windows 2000 requires that a password:


  • Does not contain all or part of the user's account name
  • Is at least six characters in length
  • Contains characters from three of the following four categories:
    • English upper case characters (A..Z)
    • English lower case characters (a..z)
    • Base 10 digits (0..9)
    • Nonalphanumeric (For example, !,$#,%)

Complexity requirements are enforced upon password change or creation.

To create custom password filters, refer to the Microsoft Platform Software Development Kit

---------------------

I do not know how to use the SDK but will keep looking for more answers if the above does not help,
 
You must log in or register to reply here.
Back
Top