> complexity checking done by clients for local (SAM) accounts must come from somewhere else
Same implementation only done locally instead of on the DC. The password change requests go to LSA, LSA knows if a filter is registered in HKLM/System/CCS/Control/LSA/ Notification Packages and if one is, it passes the change through the filter before it gets to the SAM. The registration still goes in the same place in the local registry as it does on a DC. -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Thursday, August 26, 2010 6:33 PM To: NT System Admin Issues Subject: Re: Minimum password length GPO On Thu, Aug 26, 2010 at 8:55 PM, Ken Schaefer <[email protected]> wrote: > Passfilt.dll (password filter dll) only exist on DCs, so having > knowledge of domain password policy wouldn't be enough. Hmmm. Interesting. So the complexity checking done by clients for local (SAM) accounts must come from somewhere else. Two different implementations, I guess. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- You are currently subscribed to ntsysadmin as: [email protected]. To unsubscribe click here: http://lyris.sunbelt-software.com/u?id=8142875.a9cf90b99baa17cb4fcf8293a59eb3b1&n=T&l=ntsysadmin&o=9076920 or send a blank email to leave-9076920-8142875.a9cf90b99baa17cb4fcf8293a59eb...@lyris.sunbelt-software.com
