What is the 'Password not required' flag and where is this information stored? (NETIQKB10436)

  • 7710436
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

goal
What is the 'Password not required' flag and where is this information stored?

fact
Directory and Resource Administrator 6.x

fact
Directory and Resource Administrator 7.x

fix

The Password not required flag was misnamed. It really means 'password not required during the creation process'.   What the Password not required check box actually does is allow the creation of a user account without specifying a password. In Windows 2000, the value is turned ON by default.

This only comes into play if you have a password policy.  If you have no password policy, then this bit is completely irrelevant.  If you do have a password policy, you normally would not be able to create a user with no password.  Turning this bit on allows you create a user with no password.  It does NOT allow you to set a password that violates the password policy.  It just lets you skip the step of setting a password, but only for the UserCreate operation. Once the user has been created, the bit no longer serves any purpose.  

For example,  suppose you define password policies specifying that everyone must have a password over 8 characters in length. If you try to create a user without setting his password, Windows will reject you because that user is not meeting password policy (obviously a blank password is not over 8 characters). However, what you really want is to create a user with no password and let that user set his/her own password at next login. The password policy will not let you do this unless you set the "Password not required" bit to true while creating the user. You will then be able to create a user with no password.  When the user logs in (with a blank password), he/she will be prompted to change their password and the new password must conform to the password policy.   The Active Directory property of Password not required is called PasswordRequired.

The 'Password not required' attribute is set to "Password Required" which can not be viewed in ADU&C. You can customize a .cms file and set it to "Password not required" by using the CMAK Wizard. More information can be obtained from the help menu in Windows 2000 by typing in 'Password Required'.



Additional Information

Formerly known as NETIQKB10436