You might encounter with error 0x800708c5 while requesting reset password. This means that the password does not meet the password policy requirements. This shows that the password you are trying to set does not meet the Password Policy set on domain side. Sometime Administrator updates the password policy and your password is compatible with the old policies. Your old password keeps on working until you forget your password or it expires automatically. When you go for resetting password you might enter strongest password, but the system will not accept until you meet the new polices. If you are unaware of cracking the error code let us help you. Take last four digits in this case its 08c5; convert it to decimal from hex, it will be 2245. Now open command prompt and type “net helpmsg 2245” and this will show you the details of the error. In order to resolve this issue following steps you can perform.
- Part 1: How to Fix Windows Can't Complete the Password Change Because Error 0x800708c5
- Part 2: The Reason Why Password Must Meet Complexity Requirements
Part 1: How to Fix Windows Can't Complete the Password Change Because Error 0x800708c5
Restarting you AD services will not help you resolve this issue and most probably you can’t go for server restart in your business hours. So, you need an alternative that resolves your problem as soon as possible. PassFab 4WinKey is the only professional software that assures 100% success rate for not only changing domain passwords but also any type of Windows passwords. Most of the software lack this facility but PassFab 4WinKey has made it easier for its users. PassFab 4WinKey wipes the domain’s strong and complex password in less time. In next few steps you will understand that how it does it.
Step 1: Download and install PassFab 4WinKey on your computer. Launch it to burn a bootable disk with USB or CD/DVD.
Step 2: Next, insert your bootable disk to your computer and restart your computer and press F12 or ESC to enter Boot Menus Interface.
Step 3: Now, you should choose your Windows operating system and the Windows account that you need to reset password. Then hit Next to reset Windows password.
Step 4: The whole process will take a few minutes and you will be prompted to restart the computer again to enter your new password.
Now you can pass this password to your user. But your user will again experience the same problem while resetting password. One solution is that you can ask user what password he want to set and this information will be completely confidential and the other thing is you can check the password requirements and you can let the user know about new password policies. Using 1s option might not be correct or you can offend user by asking that question hence you should go for the second option which is discussed in the second part along with the reason that why password must meet the complexity.
Part 2: The Reason Why Password Must Meet Complexity Requirements
Complex password policies should be taken into account because user data is the most important thing above all. User trust you with his/her information and now it’s your obligation to protect it. But setting more complex password policies will force user to contact help desk or write down password somewhere, which is more vulnerable. Hence password polices should be balance between strong and easy password policy. Following are the requirements that are enforced on all user accounts in domain:
1. Enforce password history
This policy ensures user not to use same password or the password used earlier with this account. Default value on domain controller is 24 while most of the I departments use values above 10.
2. Maximum password age
This policy determines the period for which a unique password can be used. After that specific time user is asked to set a new password. The value varies from 1-999 days. Default value is 42 but 30 is mostly used by IT departments.
3. Minimum password age
This policy determines the period after which the user can change their password. Default value is 1. If the enforced password is set then minimum password age must be above 0. If Maximum password age is set between 1 and 999 days, Minimum password age must be less than Maximum password age. If Maximum password age is set to 0, Minimum password age can be any value between 0 and 998 days.
4. Minimum password length:
Determines number of characters a password can contain. Default value of domain is 7 but the value can vary from 1-14.
5. Meet complexity requirements
This policy determines whether the new password should meet the requirements or not. If turned on following criteria shall be met before considering new password.
1. Passwords cannot contain the user's account name or parts of the user's full name that exceed two consecutive characters.
2. Passwords must be at least six characters in length, or the number of characters specified in the Minimum password length policy setting.
3. Passwords must contain characters from at least three of the following four categories:
- English uppercase alphabet characters (A–Z)
- English lowercase alphabet characters (a–z)
- Base 10 digits (0–9)
- Non-alphanumeric characters (for example, !$#,%)
This policy setting is enabled by default on domain controllers and disabled by default on stand-alone servers.
6. Store passwords using reversible encryption
This policy ensures whether the password should be saved in reverse encryption or not. This might help against intruders. This policy is disabled by default.
Now you can set your password policies accordingly but do ensure that it should not be too tough for user that h/she could not memorize password not so easy for any hacker to crack it. A common policy used everywhere is “combination of uppercase and lowercase letters, numbers, and symbols, and are typically a minimum of seven characters long”. It is the balanced policy. Don’t worry if you have set a strict policy once user contacts you to reset his/her password you can use PassFab 4WinKey to easily reset password without effecting your other server activities.