Password Policy
Even though passwords are not all that attractive as a security setting, the ability to control passwords using Group Policy can’t be left off of the top 5 list. Windows Server 2008 still uses Group Policy to determine the initial account policy settings, which have not changed since Windows 2000. The settings are initially configured in the Default Domain Policy, but they can be made in any GPO which is linked to the domain. The only thing to keep in mind is that the GPO that contains the account policy settings must have the highest priority of all GPOs linked to the domain.
The settings that you can configure include those shown in Figure 5 and the settings shown in Table 1.
| Policy Setting | Minimum Value | Secure value |
| Min Password Age | 1 | 1 |
| Max Password Age | 180 | 45 |
| Min Password Length | 8 | 14+ |
| Password Complexity | Enabled | Enabled |
To turn password complexity off in Windows 2008 Server follow these steps:
run gpmc.msc (Group Policy Management)
Expand your Domain
Go to <Group Policy Objects> and select <Default Domain Policy>
Expand:
<Computer Configurations> <Policies> <Windows Settings> <Security Settings> <Account Policies> <Password Policy>
Disable Password Complexity.
This is the only way to disable Password Complexity in Server 2008. The local Security Policy can not be used for changing Password Complexity in Server 2008.