locked
How to Unlock the Security Settings in Win 2008 Server RRS feed

  • Question

  •   Hi,

    I have installed Win 2008 Enterprises edition, i need to change the Password Policy, But the Security Settings is Locked. How to Unlock the Security Settings? Please help me to Unlock...
    Kumar
    Wednesday, January 7, 2009 8:46 AM

Answers

  • Hi,

     

    Could you please tell me more information about your environments? What’s the meaning of the “lock” you mentioned?  Did you mean the Password Policy options are grayed out?

     

    If the Windows Serve 2008 is a standalone computer, and the user you are using has the local administrators rights, you can access the Password Policy and do some change.

     

    If the Windows Server 2008 is in a domain environment, this problem may occur when a domain group policy has defined the policy settings on the domain server. In this case, the corresponding local group policy option will be grayed out. This is expected behavior.

     

    Please perform  the following steps to check whether a domain group policy has defined the settings:

     

    1. Logon as administrator, click Start -> Run, type "rsop.msc" in the text box, and click OK.

    2. Locate the [Computer Configuration\Windows Settings\Security Settings\Local Policies\Account Policies\Password Policies] item.

    3. Check whether the corresponding password options are set. If so, the "Source GPO" column displays the policy that defines this policy.

     

     

    If you want to change the domain group policy, you will need to contact your domain administrator.

     

     

    Best regards,

    Vincent Hu

    • Marked as answer by Vincent Hu Monday, January 12, 2009 1:32 AM
    Thursday, January 8, 2009 7:28 AM

All replies

  • Hi,

     

    Could you please tell me more information about your environments? What’s the meaning of the “lock” you mentioned?  Did you mean the Password Policy options are grayed out?

     

    If the Windows Serve 2008 is a standalone computer, and the user you are using has the local administrators rights, you can access the Password Policy and do some change.

     

    If the Windows Server 2008 is in a domain environment, this problem may occur when a domain group policy has defined the policy settings on the domain server. In this case, the corresponding local group policy option will be grayed out. This is expected behavior.

     

    Please perform  the following steps to check whether a domain group policy has defined the settings:

     

    1. Logon as administrator, click Start -> Run, type "rsop.msc" in the text box, and click OK.

    2. Locate the [Computer Configuration\Windows Settings\Security Settings\Local Policies\Account Policies\Password Policies] item.

    3. Check whether the corresponding password options are set. If so, the "Source GPO" column displays the policy that defines this policy.

     

     

    If you want to change the domain group policy, you will need to contact your domain administrator.

     

     

    Best regards,

    Vincent Hu

    • Marked as answer by Vincent Hu Monday, January 12, 2009 1:32 AM
    Thursday, January 8, 2009 7:28 AM
  • These steps don't work on a new Windows 2008 Standard Domain Controller installation. RSOP.msc simply comes up with a group policy error stating that there are no mappings between account names and security IDs.

    To be clear, this is a brand new forest with a brand new single domain which I installed a clean Windows Server 2008 standard and all of the various Windows updates. Thats it. 

    Is there a DIFFERENT way to unlock the security settings (i.e., without using RSOP)?  In particular, the Password policy options are all greyed out.
    Thank you.


    UPDATE:  I found the steps:

    To turn password complexity off in Windows 2008 Server or change other grayed oout security options, follow these steps:

    (1) run gpmc.msc (Group Policy Management)

    (2) Expand your Domain

    (3) Go to <Group Policy Objects> and select <Default Domain Policy>

    (4) Expand: <Computer Configurations> <Policies> <Windows Settings> <Security Settings> <Account Policies> <Password Policy>

    (5) Disable Password Complexity or change any other settings as desired.

    This is the only way to disable Password Complexity in Server 2008. The
    local Security Policy can not be used for changing Password Complexity
    in Server 2008.

     

    • Proposed as answer by T. Bentes Friday, August 14, 2009 3:50 PM
    Saturday, May 2, 2009 12:07 AM
  • One complement only.. after the steps 4 and 5:

    (4.1) rigth click.. and select <Edit> (its impossible to make change in the GPM.. only in the Editor)
    (4.2) again.. Expand: <Computer Configurations> <Policies> <Windows Settings> <Security Settings> <Account Policies> <Password Policy>
    (4.3) 2 clicks in the <Password must meet complexity requirements>

    (5.1) close the Editor
    (5.2) and than refresh the GPM

    if it does not work.. way a time.. or

    (6) run: gpupdate /Force

    is this. I've helped.
    • Edited by T. Bentes Friday, August 14, 2009 4:16 PM
    • Proposed as answer by Sheepds Friday, February 19, 2010 5:28 AM
    Friday, August 14, 2009 4:11 PM
  • Thank's a lot !!!
    I searched for a while for "unlocking" the same trouble ...
    It worked fine !

    but why are things becoming harder like this ... ?
    Friday, November 6, 2009 12:09 PM
  • I've been trying to figure this out for the longest time! It has been a huge hassle but is now fixed thanks to some of the posters in here!

    I just want to combine all the steps for a final direction of how to configure the password policy if your options are greyed out! thanks to T. Bentes & LesterW1

    ==========================

    (1) Goto Start>Run type in gpmc.msc (Group Policy Management)

    (2) Expand your Domain

    (3) Go to <Group Policy Objects> and select <Default Domain Policy>

    (3.5 - optional) On the Delegation Tab of Default Domain Policy, I had to add the administrators group with full permissions to edit, delete and modify settings. Just choose Add, type administrators, search, accept and choose permissions.

    (4) Back on the left side in the tree, right click on Default Domain Policy and choose Edit

    (5) Expand: <Computer Configurations> <Policies> <Windows Settings> <Security Settings> <Account Policies> <Password Policy>

    (6) Disable Password Complexity or change any other settings as desired.

    (7) Close Editor, goto start>run and type in gpupdate /force
    • Proposed as answer by hbbyboy Friday, March 15, 2013 9:37 PM
    Friday, February 19, 2010 5:34 AM
  • I.  Am.  The.  Domain.  Controller.
    Monday, March 14, 2011 12:20 AM
  • I.  Am.  The.  Domain.  Administrator.
    Monday, March 14, 2011 12:20 AM
  • Windows Server 2008R2 is installed on one PC in a workgroup for use mostly as a fast workstation. The PC is not on any domain. However, I can't unlock Power Management - Password Protection on Wakeup setting. When opening Group Policy Management Console, the message pops up: "To manage Group Policy, you must log on to the computer with a domain user account", and the Console opens empty. Changes in other consoles do not unlock Wakeup Password Protection buttons.

    Any ideas, how to unlock Wakeup Password setting in this scenario?



    Thursday, September 1, 2011 3:34 PM
  • thank you it helps lot ..:)
    Monday, February 17, 2014 11:16 AM
  • Thanks a lot! It works.
    • Edited by Yati Lynn Tuesday, March 24, 2015 3:30 AM
    Tuesday, March 24, 2015 3:23 AM
  • Useful for me. Thanks
    Tuesday, March 24, 2015 3:30 AM
  • I am trying this right now, seems legit.
    Tuesday, August 30, 2016 7:36 PM
  • You made my day! Thank you so much!
    Friday, November 25, 2016 4:40 AM