There are third party products that do this stuff. The last one that I saw that was decent and standalone ran around $1500 per domain controller though. It is touchy high security stuff and you need to be careful. I think one of MS's reasons for hesitation for putting something comprehensive out is because the feedback mechanism for bad password choices is horrendous and the next thing people would ask for is for that to be corrected.
MTEC's PSYNCH has the capability to do some serious password filtering as well but when I last looked I did not like how it was implemented as it required coming back to a central PSYNCH server which is a horrible way to handle this. Compared to my usual Exchange 2000 issues, I am thrilled with my capabilities with the OS in regards to this specific issue since it is actually heavily documented and the documentation is right so someone CAN actually do something. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oliver Marshall Sent: Tuesday, November 25, 2003 8:30 AM To: [EMAIL PROTECTED] Nice to know that MS allow us "manager" types to tailor our password setup with ease !!! Cheers:) -----Original Message----- From: Joe [mailto:[EMAIL PROTECTED] Sent: 25 November 2003 13:17 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Password filters for AD 2003 (v2) It isn't something I recommend to programmers who don't regularly code in c/c++. You are injecting code into LSASS which is touchy at best. If you have any memory leaks or other obscure code issues you could really hurt yourself. When I initially started playing with them I was really good with the Win32 API and the various pointer based data structures and had been coding in c/c++ for years and was blue screening servers left and right initially. You could get lucky and hit one right off that works well, on the other hand you could introduce some real hokey issues that take forever to troubleshoot or you could just completely blow your machines up. joe ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oliver Marshall Sent: Tuesday, November 25, 2003 7:50 AM To: [EMAIL PROTECTED] Anyone had any experience creating password complexity filters for use with the Password Policies in AD 2003 ? I'm thinking of creating one here that is more complex than "more than 6 characters" but not so complex as "Must have either A) B) c) or D)" as users keep phoning me up and cant be bothered to adhere to them. Is it something a non VC++ guru can do ? Olly List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
