Password policy customization

Tutorials Win: Microsoft Windows Forum

Hello,

We are to implement a password policy that has several items that are not
available via the ADUC --> Windows Settings --> Security Settings --> Account
Policies --> Password Policies.

We are thinking of:
1. Password must begin with a letter.
2. It must have at least 1 number.
3. Special characters are not allowed and
4. Must not contain consecutively repeating characters like aa or 11 etc.

Is there a way to customize this or does anyone know of a 3rd party software
that can help us out with this.

Thanks for view my post, any help or comment will be appreciated.

Jayman.
Top

Re: Password policy customization by Florian

Florian
Tue Aug 05 23:01:00 PDT 2008

Jayman,

jayman wrote:
> We are to implement a password policy that has several items that are not
> available via the ADUC --> Windows Settings --> Security Settings --> Account
> Policies --> Password Policies.
>
> We are thinking of:
> 1. Password must begin with a letter.
> 2. It must have at least 1 number.
> 3. Special characters are not allowed and
> 4. Must not contain consecutively repeating characters like aa or 11 etc.
>
> Is there a way to customize this or does anyone know of a 3rd party software
> that can help us out with this.

What is want is not built into the complexity directly (well, point 2 is
but the others aren't). You've got two options:

(1) Create your own passfilt.DLL file. That's the file that checks the
passwords. You can build your own logic in there. Since you'd have to
copy the passfilt.dll to all DCs and it handles security, it would
require a lot of testing and tweaking. Not sure if you want that:
http://msdn.microsoft.com/en-us/library/ms722458(VS.85).aspx.

(2) Go have a third party solution for this. I haven't tested the
solutions below myself but two fellow-MVPs, Mark and Norbert, did:

-SpecOps Password Policy
-Altus Passfilt Pro

Those are only two - there may be other products you can look at.

cheers,

Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Top

Re: Password policy customization by Paul

Paul
Wed Aug 06 05:44:28 PDT 2008

Third party password tool we use is Password Policy Enforcer, it is
enforceable by OU pre-2008. So you can have multiple password policies and
still not be running Windows Server 2008.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> wrote in
message news:Ocyrxn49IHA.1448@TK2MSFTNGP02.phx.gbl...
> Jayman,
>
> jayman wrote:
>> We are to implement a password policy that has several items that are not
>> available via the ADUC --> Windows Settings --> Security Settings -->
>> Account Policies --> Password Policies.
>>
>> We are thinking of:
>> 1. Password must begin with a letter.
>> 2. It must have at least 1 number.
>> 3. Special characters are not allowed and
>> 4. Must not contain consecutively repeating characters like aa or 11 etc.
>>
>> Is there a way to customize this or does anyone know of a 3rd party
>> software that can help us out with this.
>
> What is want is not built into the complexity directly (well, point 2 is
> but the others aren't). You've got two options:
>
> (1) Create your own passfilt.DLL file. That's the file that checks the
> passwords. You can build your own logic in there. Since you'd have to copy
> the passfilt.dll to all DCs and it handles security, it would require a
> lot of testing and tweaking. Not sure if you want that:
> http://msdn.microsoft.com/en-us/library/ms722458(VS.85).aspx.
>
> (2) Go have a third party solution for this. I haven't tested the
> solutions below myself but two fellow-MVPs, Mark and Norbert, did:
>
> -SpecOps Password Policy
> -Altus Passfilt Pro
>
> Those are only two - there may be other products you can look at.
>
> cheers,
>
> Florian
> --
> Microsoft MVP - Group Policy
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.
> Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste


Top

RE: Password policy customization by jayman

jayman
Wed Aug 06 11:31:03 PDT 2008

Thank you all, I will check out the options suggested.

Jayman

"jayman" wrote:

> Hello,
>
> We are to implement a password policy that has several items that are not
> available via the ADUC --> Windows Settings --> Security Settings --> Account
> Policies --> Password Policies.
>
> We are thinking of:
> 1. Password must begin with a letter.
> 2. It must have at least 1 number.
> 3. Special characters are not allowed and
> 4. Must not contain consecutively repeating characters like aa or 11 etc.
>
> Is there a way to customize this or does anyone know of a 3rd party software
> that can help us out with this.
>
> Thanks for view my post, any help or comment will be appreciated.
>
> Jayman.
>
Top