Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
Disallow Common word Password via GPO

Answered Disallow Common word Password via GPO

  • Wednesday, May 02, 2012 6:14 AM
     
     
    Sign In to Vote
    0

    Hi,

    I don't want to allow user to keep common password such as pass@123 etc.
    can i provide some list of password, which DC must not allow user to keep that password.

    Is there any workaround?

    I have already enabled Good Enforce Password History, Maxmimum Password Age, Minimum Password Age & Minimum Password Length.

    Thanks & Regards,
    Param
    www.paramgupta.blogspot.com

     

All Replies

  • Wednesday, May 02, 2012 6:15 AM
     
     
    Sign In to Vote
    0

    There is no such thing in the Active Directory to provide the password list as it could pose a security threat.


    http://www.arabitpro.com

     
  • Wednesday, May 02, 2012 6:21 AM
     
     
    Sign In to Vote
    0

    Param,

     I am affraid , there is no way to do this , You can increase the password history , so that user can not use the same password repeatdely after their password expires.

    Regards,

    _Prashant_

    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

     
  • Wednesday, May 02, 2012 6:56 AM
     
     Answered
    Sign In to Vote
    1

    Hi,

    In pure technical terms, you could do this. You would have to write your own password filter, which could then compare the password to a list stored somewhere - preferrably on the local domain controller so it does not have to be transmitted over the network, though this paradigm presents obvious scalability issues.

    You can read a bit more about password filters below:

    In practical terms, I'd simply but strongly advise you to not go down this path. It's going to have performance implications for one (big ones, depending on the design), and security rammifications for another if you're transmitting anything over the network.

    Cheers,
    Lain

     
  • Wednesday, May 02, 2012 8:59 AM
     
     
    Sign In to Vote
    0

    Hello,

    there is no way to achieve this with builtin tools or GPOs. You can create your custom dll filter as mentioned from Lain Robertson.

    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.