Re: Quest about password complexity

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: ANIXIS <anixis@xxxxxxxxx>
• Date: Wed, 01 Aug 2007 11:29:17 -0700

---

On Aug 1, 11:48 am, Alan T <Al...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Thanks Florian!

BTW, does anyone trypassfilt.dll and any experience can share?

Alan



"Florian Frommherz [MVP]" wrote:

Howdie!

Alan T schrieb:

Does any work around (or free tools) to use strong password rather than
enabling "Password must meeting complexity requirements" in AD nor using
third party tools like "Password Policy Enforcer"?

Let say, the password combination is enforced to use number + character.

No, there isn't. Well, you could of course write yourself a custom
passfilt.dll which is responsible for the checking:
http://msdn2.microsoft.com/en-us/library/ms722439.aspx- but since the
self-made-DLL will run on your most important machines (the domain
controllers!) you really won't consider doing that.

You'll have to use a third party tool for that.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog:http://www.frickelsoft.net/blog.- Hide quoted text -

- Show quoted text -

I've worked on a few password filters, including Password Policy
Enforcer that you referred to above. Writing a simple password filter
isn't a massive undertaking. It's just a DLL with a few entry points.
The problem is that the DLL is critical to the stability of your
domain controllers. One serious bug, and you will BSOD them. There are
also a couple of bugs and limitations in the password filter
interface. These aren't noted in the documentation, so you are going
to have to discover and fix them the hard way.

Another problem is that there is no way for a password filter to
return useful error messages back to the user. All the commercial
products have solutions for this now, but it's not easy to implement.


.

---

• Prev by Date: Re: Dual Domain Controllers
• Next by Date: Exchange Contacts in AD
• Previous by thread: Re: Quest about password complexity
• Next by thread: Exchange Contacts in AD
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: PasswordFilter and ASP.NET ... I'm pretty sure that the password filter mechanism doesn't allow you to ... check password history, but I may be wrong about that. ... A lot of the password policy you can actually read by querying the DC. ... we are simply trying to prevalidate. ... (microsoft.public.platformsdk.security) Re: Quest about password complexity ... enabling "Password must meeting complexity requirements" in AD nor using third party tools like "Password Policy Enforcer"? ... (microsoft.public.win2000.active_directory) Re: Password Policy ... The only way to progressively roll out a password policy in a Windows ... Our company sells a configurable password filter that allows you to ... enforce multiple policies and assign them to users, groups, and OUs. ... I want to create a password policy GPO and add groups2 or 3 at ... (microsoft.public.win2000.group_policy)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Win2000  > microsoft.public.win2000.active_directory  > 2007-08