How to Disable Password Complexity in vCenter Step by Step

VMware vCenter password complexity

VMware ESXi hosts play a critical role in the management of the VMware vSphere virtual infrastructure, and setting password complexity for VMware vSphere users is one of the common security policies. After ESXi 6.5 setup is complete, password complexity requirements are enforced for users, esp. root.

By default, you have to include a mix of characters from four character classes: lowercase letters, uppercase letters, numbers, and special characters such as underscore or dash when you create a password. Besides, password length is more than 7 and less than 40 characters. Also, passwords cannot contain a dictionary word or part of a dictionary word.

However, enabling such complex password policies in a test environment is an annoying thing to do. So in this article, I am going to introduce how to disable password complexity in vCenter.

Requirements of vCenter password policy

The password policy in ESXi 6.x has some requirements, such as length, complexity, uppercase etc:

• Passwords must have characters from at least three character classes. (Uppercase characters (A-Z), Lowercase characters (a-z), Digits (0-9), special characters (~!@#$%^&*_-+=`|\(){}[]:;”‘<>,.?/)
• Passwords which have characters from three/four character classes must be at least seven characters long.
• An uppercase character at the beginning of a password does not count toward the number of character classes used.
• A number that ends a password does not count toward the number of character classes used.
• The password cannot have a dictionary word or part of a dictionary word. This prevents hackers which using a “dictionary method” with their BOTS to guess your password.

How to disable password complexity

It’s not recommended to disable password complexity in vCenter 6.7, especially in production environment. However, if you are in some specific scenarios such as lab learning or testing, you do not need any password complexity rules. You can change this default or other settings, by using the Security.PasswordQualityControl advanced option.

vCenter disable password complexity process:

1. Login into the ESXi host as a root user.

2. Access to Manage >> System >> Advance Settings, then type Password into the search window and press enter.

3. The default values of ESXi 6.7 setting are: retry=3 min=disabled,disabled,disabled,7,7

Select Security.PasswordQualityControl, and Action >> Edit option.

4. Change the password to a simple non-complex password. Example: retry=3 min=1,1,1,1,1

5. You can reset the root password in Security & Users section.

You can use these steps to disable password complexity and change vCenter root password to a simple non-complex password. At the same time, for better protection, virtual machine backup is also necessary to prevent your VMs from malware attack and data loss.

How to protect virtual machines under vCenter

Besides to regular vCenter backup, VMware protection requires a complete virtual machine backup strategy. Here I want to introduce a professional VMware backup software – AOMEI Cyber Backup which performs automated backups for virtual machines and supports various versions including ESXi 6.0-7.0. You are able to backup your multiple virtual machines with its flexible strategies.

With AOMEI Cyber Backup, you can enjoy these features easily.

✦ Auto VM Backup: schedule VMware or Hyper-V virtual machine backups in batch without human errors and perform hot backup to keep business continuity. ✦ Flexible vSphere Backup: batch backup large numbers of VMs managed by vCenter Server, or multiple VMs on a standalone ESXi host. ✦ Multiple Storage Destinations: backup to a local drive, or network destinations like NAS. ✦ Automated Execution: create backup schedules to automate backups daily, weekly, or monthly. ✦ Backup Retention Policy: delete unwanted or expired backups automatically.

Hit the button below to download AOMEI Cyber Backup 30-day free trial.

5 steps to batch backup multiple vCenter VMs

1. Bind Devices: Access to AOMEI Cyber Backup web client, navigate to Source Device > VMware > + Add VMware Device to Add vCenter or Standalone ESXi host. And then click … > Bind Device.

2. Create Backup Task: Navigate to Backup Task > + Create New Task, and select VMware ESXi Backup as the Backup Type.

3. Set Task Name, Device, Target, Schedule, and Cleanup as needed.

• Task Name: you can change the task name or use the default name with an ordinal.
• Device: batch select large numbers of VMs managed by vCenter Server for centralized backup.

• Target: selecting to back up to a local path, or to a network path. Used paths will be saved in Favorite Storage for handy selection.

• Schedule (optional): perform full, differential, or incremental backup, and automate execution according to the frequency you specified.

• Cleanup (optional): configure a retention policy to auto delete old backup files and save storage space.

4. Run Backup: Click Start Backup and select Add the schedule and start backup now, or Add the schedule only.

5. Restore: Click Restore to restore virtual machine from backup, saving the trouble of re-configuring a new one.

▶ Select a VM backup and click Restore to original/new location. It allows you to restore the entire VMware virtual machine to the original or another host easily and quickly.

Summary

When you are in a lab environment and do not need any password complexity rules, you could follow these steps to disable vCenter password complexity. But changing the defaults is something I don’t recommend doing on production systems.

Meanwhile, a reliable VMware backup solution offers comprehensive protection of enterprise data.