After releasing the whitepaper on Remotely Managing Server Core boxes, I received a message from a colleague. He claimed the following sentence on page 5 of the Whitepaper to be faulty:
After you first install Windows Server 2008, in either a full or Server Core installation, you are required to change the Administrator password to a password that meets the complexity requirements.
After investigating the issue, I concluded he’s right, although there is a longer story to it.
The above sentence is right for default installations of Windows Server 2008 RTM (with Service Pack 1), but is no longer valid for default installations, using Service Pack 2 slipstreamed media. This behavior applies to both Full and Server Core installations.
Let me explain.
Behavior in Windows Server 2008 RTM (with Service Pack 1)
When you log on the first time to a default Server Core installation of Windows Server 2008 x64 RTM (with Service Pack 1) the new password administrator password must meet complexity requirements. When you enter a simple password or attempt to use a blank password, the following error message is shown:
Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain.
After supplying a strong password as the Administrator password (P@ssw0rd and Manage123 would both suffice), the same error and some tips are shown each time you try and change the password from the command line or using the Graphical User Interface behind Ctrl+Alt+Del.
Behavior in Windows Server 2008 with Service Pack 2
When you log on the first time to a default Server Core installation of Windows Server 2008 with Service Pack 2, you can change the administrator password to anything you’d like. If you’re not concerned with security you could even specify a blank password (by not supplying anything in both password fields)!
After logging in, you can change the password to anything you like…
Concluding
Somewhere along the line the default password policies in Windows Server 2008 were loosened. If you’d ask me, that’s not a good thing.
In Windows Server 2008 R2 RTM passwords must meet complexity requirements.
Used media
| Operating System | Media code |
| Windows Server 2008 RTM (SP1) | x14-26714 |
| Windows Server 2008 with integrated SP2 | 342336 |
Login