Friday, August 25, 2017

Create local user to bypass password policy


You are trying to create an IIS account for basic authentication, however the domain password policy does not allow you to create such an insecure password.
When trying to edit the local group policy setting of "Password must meet complexity requirements" you run into the issue where the setting is greyed out.


The solution is to perform the following commands from an elevated command prompt.
secedit /export /cfg C:\new.cfg
Edit new.cfg and change line “PasswordComplexity = 1″ to “PasswordComplexity = 0″ and if needed any of the other complexity settings such as  "MinimumPasswordLength = 0"
secedit /configure /db %windir%\security\new.sdb /cfg C:\new.cfg /areas SECURITYPOLICY
Perform the user setup as normal.

Use GPUpdate /force to have the original group policy take effect again.

No comments:

Post a Comment

TIP 0005: Test bad SSL

This is a tool for testing "memorable site for testing clients against bad SSL configs"