How to change the default password policies in vSphere 5.5

I’ve recently installed vCenter server appliance (VCSA) to manage my lab environment running vSphere 5.5. It’s faster than instaling a vCenter under Windows and it’s the future. I was wondering how to change the default password policies in vSphere 5.5?  The Default vCenter SSO configuration password policy is set to expire passwords in 90 days with last 5 passwords which cannot be reused. You also need to use complex passwords. You might want to change this default behavior as you probably do the same for Windows AD password policies as well. So How to change the default password policies in vSphere 5.5?

The biggest thing which retaining many people to deploy VCSA in production is probably a support for external SQL database. But this will be added, sooner or later. So why not test the deployment and management in a lab for the moment and familiarize with the administration?

How to change the default password policies in vSphere 5.5

It’s very easy to do that when you got the vSphere client up and running, go and navigate to:

Home > Administration > Single Sign-On >Configuration > Policy TAB > Password policies > Edit button


If you have added your Domain and using AD as an identity source like I did – VCSA 5.5 Installation and configuration – Part 2 – then you probably managing the password expire policy through your AD for your domain users and groups already.

VCSA Appliance Password Policy

The above was setting for password policy settings for vSphere environment. Concerning the VCSA appliance, there is also a local password policy which by default expire your password in 90 days too, so you might want to disable it or change it too… otherwise you might be suprised one day and won’t be able to login locally to administer your VCSA.  The appliance offers easy way to check for updates and (or) upgrades, restart and configure different services etc.

Where to find local VCSA password policy?

01. connect to the VCSA appliance through https://<ip_of_the_appliance>:5480

02. Use default user/password  (if you haven’t changed yet) root/vmware

03. Go to the Admin TAB and there you see the options… Note that you can also set an e-mail to be notified before the password expire.

vCenter Server Appliance Password Policy settings


Posts that you should check:


Rate this post


  1. Stu Duncan says

    So I’ve tried to change the default policy, but it won’t ever allow it to be saved.

    I just change name – PWpolicy
    and change expiration to 0 days.

    It fails.

    If I change the expiration to 900 or 9000 or anything else, it works fine.

Leave a Reply

Your email address will not be published. Required fields are marked *