password policy

4 Topics

Local user management password policy inconsistent behaviour
Hi all, Maybe some of you can enlighten me regarding the windows 10 + 11 local user password policy. The part that I want to question is "not contain parts of the user's full name". Then, let's say I want to create a new user with the following detail: Fullname: Max Mustermann Username: TESTUSER1 Pass: MaxPassword12345678 When I try to create that user via cmd or powershell, either using "net" or "New-LocalUser", it will not succeed and it will show the error "the password does not meet complexity....", which is expected. However, if I try to create the same user with the same credential via lusrmgr, it will be created without any error. So, why there is a different behaviour between lusrmgr and CLI? Then, if we have the existing user, and try to change the password of that user via lusrmgr, and the password contains the part of the user's full name, then the error will be thrown as expected. So, why is it only affect the lusrmgr and only when we create a new user? Is this a bug? Thanks!
ssentanoe
Nov 18, 2025 Place Windows security
47Views
0likes
0Comments
Intune Password Policy Precedence
Hi All Having difficulty trying to figure out the following I have created a password policy on Intune for my MDM device (windows 10 pro) However, i notice that the more restrictive policies always take precedence. For example Local machine has policy to expire user password every 5 days. On Intune the policy for password expiration is set to 10 days. Local machine password expiration policy will take effect. Likewise for option such as password length. I will like to ask if i) is that the expected behavior? ii) is there anyway to force intune created policies onto the local device? Thanks in advance! Jimmy
zeemee
Jul 26, 2024 Place Microsoft Intune
33KViews
0likes
5Comments
Domain user can not change password for AD by him self
Hello, I have a domain controller with windows server 2019 and also i joined many users to this DC and everything is ok expect that domain user cannot change his password by his self through his PC and when he tried to do this this message show to him "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain." I did everything right from group policy , i opened group policy then right click on default domain policy and then clicked edit , then i clicked on this path : Computer Configuration>Policies>Windows Settings>Security Settings>Account policies>Password policy. and made changes about password policy and i saw that user`s PC had applied the policy but nothing change and also use could not change password, is this bug or what? Please help me to solve this problem ASAP. Sorry for little English Thanks.
Solved
Vaguer
Aug 10, 2022 Place Windows Server for IT Pro
97KViews
0likes
4Comments
Minimum password length " -2016281112 (Remediation failed)"
Hi all, I'm trying to set minimum password length with Intune. Before, this didn't work at all, because, quoting from Microsoft: If DevicePasswordEnabled is set to 0 (device password is enabled), then the following policies are set: MinDevicePasswordLength is set to 4 MinDevicePasswordComplexCharacters is set to 1 Basically if I used any Intune password policy, it would be set to 4. However now, suddenly i see this working. In MDM diagnostics, I have; DeviceLock DevicePasswordEnabled 0 DeviceLock MinDevicePasswordLength 14 However, some devices get " -2016281112 (Remediation failed)" ERROR CODE 0x87d1fde8. I have two Azure AD joined Intune devices. One succeeds and the other fails. Both 1809 .437: 1) One succeeds and gets MinDevicePasswordLength=14 while DevicePassWordEnabled =0 (enabled), which shouldn't be possible according to the docs, but it is what I want. 2) The other gets error and sets MinDevicePasswordLength=4 while DevicePasswordEnabled =0 (enabled), as expected by the docs. What's going on? Thanks
WalterPrem
May 24, 2019 Place Microsoft Intune
11KViews
0likes
3Comments