How do I use DSC to turn off the password complexity requirement?

This topic contains 1 reply, has 2 voices, and was last updated by  Arie H 1 year, 3 months ago.

  • Author
  • #38608


    Local users have a password complexity requirement on Windows Server 2012. I can turn this off [imperatively] through regular PowerShell. I use secedit with an export, then I make a text modification, then I do an import. I have looked, but I cannot find the specific Windows Registry keys that correspond to this setting. I found the Maximum Age setting for the password as well as other password keys (e.g., history etc.). What is the Windows Server 2012 Registry Key that corresponds with the sheer complexity? I read that the key is not something that should be manually modified. But at any rate, I do not know which key is the appropriate one.

    Better yet, is there a way to use DSC (with PowerShell 4.0) to turn off the password complexity requirement from all the local users or the new users that will be created? I already know how to use regular PowerShell to accomplish this. I'd love to know how to do this declaratively [with DSC].

  • #38617

    Arie H

    Any action you can do via a powershell script, you can wrap it in the built in Script resource that's in PSDesiredStateConfiguration module that comes bundled in the wmf 5.0 install.
    Haven't tried every single script there is with thus approach so no 100% guarantee but that's why we test and test and test 😉

You must be logged in to reply to this topic.