Hi folks!! Has anyone else run into this issue where Hexnode’s password policy fails because it conflicts with the existing Microsoft account complexity requirements?
16 Views
Replies (5)
Marked SolutionPending Review
Participant
1 day ago
Dec 07, 2025
Marked SolutionPending Review
Guys, the issue is simple. Hexnode’s password rules don’t line up with Azure AD. Just lower the minimum length and allow simple values, done.
Marked SolutionPending Review
Participant
22 hours ago
Dec 07, 2025
Marked SolutionPending Review
Not exactly. The real blocker is local accounts where User cannot change password is set to No. Even if you tweak the policy, those users won’t be able to reset until you fix that restriction.
Marked SolutionPending Review
Hexnode Expert
18 hours ago
Dec 07, 2025
Marked SolutionPending Review
Thank you all for your valuable input.
To begin with, you need to identify the restricted user from the local accounts. This can be done by navigating to the Manage tab > Device > select device > Local accounts. Once there, click on each of the local accounts and check which one has the setting “User can change password” set to No. After identifying the restricted user, the next step is to enable them to change their password.
The first method to remove this restriction is by using a script. Go to the Manage tab > Device > Action > Execute custom script. From there, open the Hexnode repository and generate a script using Hexnode genie. Paste the following command into the script editor:
powershell
Set-LocalUser -Name “User_Account_Name” -UserMayChangePassword $true
Replace “User_Account_Name” with the actual name of the restricted account. Save the script with a .ps1 extension and run it. Once executed, check again to confirm that the “User can change password” option is now set to Yes.
The second method is to perform the change manually from the device. You can open PowerShell as an administrator and run the same command directly. Alternatively, press Win+R, type lusrmgr.msc, and press Enter. Double-click on Users, select the restricted account, right-click and choose Properties. In the properties window, uncheck the option “User cannot change password” and click OK. After this, perform a Scan Local Accounts action from the Hexnode portal and resave the policy.
Finally, ensure that the password policy is updated. Enable Allow Simple value, set the minimum length to less than or equal to 8, and configure Password Complexity so that it does not require uppercase characters. You can choose digits only, or a combination of digits and lowercase letters. Beyond this, you may apply additional complexity rules as needed. This ensures that the user can change their password while still maintaining the required security standards.
Regards,
Mary Romero
Marked SolutionPending Review
Participant
11 hours ago
Dec 07, 2025
Marked SolutionPending Review
Oh man, I’ve hit that wall too. It’s super annoying when you think you’ve set a “strong” password that ticks all the boxes, and then Microsoft throws a fit saying nope, not valid.
Marked SolutionPending Review
Participant
4 hours ago
Dec 08, 2025
Marked SolutionPending Review
End of the day, if people can’t log in, they’ll find workarounds like writing passwords down, which is worse. So yeah, usability matters just as much as security.
Save
