I am told that PeopleSoft can do checks for a new password against data it contains (street, kid's name, etc), for those unfortunate to be running PS. Apparently some have implemented a product or method that causes Windows domain passwords to be verified through PS which could provide a good filter. Does anyone know what this product is, if I was told a tale, or if it works well?
Rich -----Original Message----- From: Joe [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 25, 2003 6:33 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Password filters for AD 2003 (v2) There are third party products that do this stuff. The last one that I saw that was decent and standalone ran around $1500 per domain controller though. It is touchy high security stuff and you need to be careful. I think one of MS's reasons for hesitation for putting something comprehensive out is because the feedback mechanism for bad password choices is horrendous and the next thing people would ask for is for that to be corrected. MTEC's PSYNCH has the capability to do some serious password filtering as well but when I last looked I did not like how it was implemented as it required coming back to a central PSYNCH server which is a horrible way to handle this. Compared to my usual Exchange 2000 issues, I am thrilled with my capabilities with the OS in regards to this specific issue since it is actually heavily documented and the documentation is right so someone CAN actually do something. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oliver Marshall Sent: Tuesday, November 25, 2003 8:30 AM To: [EMAIL PROTECTED] Nice to know that MS allow us "manager" types to tailor our password setup with ease !!! Cheers:) -----Original Message----- From: Joe [mailto:[EMAIL PROTECTED] Sent: 25 November 2003 13:17 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Password filters for AD 2003 (v2) It isn't something I recommend to programmers who don't regularly code in c/c++. You are injecting code into LSASS which is touchy at best. If you have any memory leaks or other obscure code issues you could really hurt yourself. When I initially started playing with them I was really good with the Win32 API and the various pointer based data structures and had been coding in c/c++ for years and was blue screening servers left and right initially. You could get lucky and hit one right off that works well, on the other hand you could introduce some real hokey issues that take forever to troubleshoot or you could just completely blow your machines up. joe ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oliver Marshall Sent: Tuesday, November 25, 2003 7:50 AM To: [EMAIL PROTECTED] Anyone had any experience creating password complexity filters for use with the Password Policies in AD 2003 ? I'm thinking of creating one here that is more complex than "more than 6 characters" but not so complex as "Must have either A) B) c) or D)" as users keep phoning me up and cant be bothered to adhere to them. Is it something a non VC++ guru can do ? Olly List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
