Disable complex password requirement on Hyper-V server 2012

hyper-v2012I recently experimented with Hyper-V 2012 and found there was no easy way to disable complex passwords, so after searching the net for a while I came across a nice solution that didn’t involve joining and leaving domains and interfering with group policy.  Here it is –


First step is to insert a USB stick and check which drive letter it is (D: in my case), then we can export our current policy:

secedit /export /cfg D:\new.cfg

Remove the USB stick and edit the file on another PC.  We are interested in PasswordComplexity value within the [System Access] section.

[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 39
MinimumPasswordLength = 0
PasswordComplexity = 1
PasswordHistorySize = 0
...

Value should be changed to 0 in order to disable complexity check.

Save the file back, insert it back in to the Hyper-V server and import the configuration:

secedit /configure /db C:\Windows\security\new.sdb /cfg D:\new.cfg /areas SECURITYPOLICY

You can now add users with out complex passwords.

 

* Of course you would never do this in a live production environment, complex passwords are a good thing!

Credit goes to this page – http://jmedved.com/2009/09/disabling-password-complexity/

Posted on June 12, 2013 at 23:22 by simon · Permalink
In: Windows · Tagged with: ,

2 Responses

Subscribe to comments via RSS

  1. Written by GrangerG
    on 19 July 2013 at 15:59
    Reply · Permalink

    FYI, you don’t need the “USB” thing; notepad can do Unicode just fine in Win2008 and Win2012. I did it all remotely from an RDP session. I ran “secedit /export /cfg c:\secedit.config.txt”, then used notepad to change the “PasswordComplexity = 1” to be “PasswordComplexity = 0” in the file. Finally, I ran “secedit /configure /db c:\tmp.db /cfg c:\secedit.config.txt /areas SECURITYPOLICY” to apply the change; I deleted the “tmp.db” file afterwards too.

    Oh, and one tip: password expiration is incredibly frustrating on Hyper-V. This will turn it off for the indicated user: WMIC USERACCOUNT WHERE “Name=’username_here'” SET PasswordExpires=FALSE

  2. Written by simon
    on 23 July 2013 at 23:22
    Reply · Permalink

    Thanks for that GrangerG, even slicker 🙂

Subscribe to comments via RSS

Leave a Reply