Saturday, March 01 2014
Keywords: Password Validation, SQL Server, Error 15118, Not Complex Enough, Windows Policy, Password Policy, Password must meet complexity requirements, Security Settings
Error 15118: The password does not meet Windows policy requirements because it is not complex enough
I recently ran to a situation on a development machine where I absolutely needed to use a given password in SQL Server and although the provided password was quite long…and impossible to guess…it was still not considered a strong password due to lack of special characters…so I got prompted with the following error:
"Password validation failed. The password does not meet Windows policy requirements because it is not complex enough. (Microsoft SQL Server, Error: 15118)"
The validation requirement process is not part of SQL Server per se, but rather part of Window’s Local Security Policy.
To fix it I went to "Administrative Tools" and launched "Local Security Policy".
From there: Security Settings --> Account Policies --> Password Policy
And attempted to disable "Password must meet complexity requirements"...but I wasn’t allowed to modify it as it was locked / grayed out / inactive, and wouldn’t let me change its value, due to a policy enforced through the company’s domain.
I would not recommend modifying these security settings on a production, stage or shared server environments where sensitive data might reside. But this wasn’t the case this time.
There is still a way to disable this setting without going through Domain Administrator, who would not even consider your request anyways.
1) Launch command prompt, as Administrator if possible
2) Type secedit /export /cfg c:\somefolder\local.cfg
3) Launch Notepad. Open local.cfg to edit.
4) Where it says “PasswordComplexity=1”, change 1 to 0.
5) While you are here, you could also set the minimum length requirements lower or higher with the “MinimumPasswordLength” key.
6) Save and Close Notepad.
7) At the command prompt, type “secedit /configure /db %windir%\security\local.sdb /cfg c:\somefolder\local.cfg /areas SECURITYPOLICY
8) Close and re-launch “Local Security Policy” window, or just refresh its values.
9) Done…now you can set your less complex, less secure password!
Written by Montreal DBA Team