Disabling Domain Account Security Policies in Windows Server 2008 DC

Cesar De la Torre

Just a tip I always have to do when setting up a Windows Server 2008 VPC (Virtual PC) which is also a DC (Active Directory Domain Controller).

As those machines are just for demos or development environment, I do not want to have the Domain account policies which are quite strict, otherwise I’ll have to change the password after several days (42 days), using complex passwords, etc.

To do so, in your Windows Server 2008 DC (usually a VPC) open the Admin.Tools–>Group Policy Management and go to the Forest–>Domain–>Default Domain Policy. There you can see (within Account policies and password policy) all the policies which are being applied to your DC:


In my case, I want to disable the “Maximum password age” from 42 days to “never” and also about the “password complexity”.

So, if you want to edit those policies, you gotta go to the “More actions” menu (up right) and select “Edit”. Then, another tool is opened. It is called “Group Policy Management Editor” (you could open it directly, of course, using the MMC).

Then you have to open the “Computer Configuration–>Policies–>Windows Settings–>Security Settings–>Account Policies”. At this time, you’ll have to see the following window:


And from here, you can double click on any item and change its value. 🙂

BTW, do not do this in a production environment, as you ar lowering the “security bar”. But, for a dev/demo machine, it is ok. 🙂


Discussion is closed.

Feedback usabilla icon