Wednesday, May 02, 2012 6:14 AM
I don't want to allow user to keep common password such as pass@123 etc.
can i provide some list of password, which DC must not allow user to keep that password.
Is there any workaround?
I have already enabled Good Enforce Password History, Maxmimum Password Age, Minimum Password Age & Minimum Password Length.
Thanks & Regards,
Wednesday, May 02, 2012 6:15 AM
There is no such thing in the Active Directory to provide the password list as it could pose a security threat.
Wednesday, May 02, 2012 6:21 AM
I am affraid , there is no way to do this , You can increase the password history , so that user can not use the same password repeatdely after their password expires.
MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.
Wednesday, May 02, 2012 6:56 AM
In pure technical terms, you could do this. You would have to write your own password filter, which could then compare the password to a list stored somewhere - preferrably on the local domain controller so it does not have to be transmitted over the network, though this paradigm presents obvious scalability issues.
You can read a bit more about password filters below:
In practical terms, I'd simply but strongly advise you to not go down this path. It's going to have performance implications for one (big ones, depending on the design), and security rammifications for another if you're transmitting anything over the network.
- Proposed As Answer by Santosh BhandarkarMicrosoft Community Contributor, Moderator Wednesday, May 02, 2012 6:58 AM
- Marked As Answer by K_evin ZhuMicrosoft Contingent Staff, Moderator Monday, May 07, 2012 3:57 AM
Wednesday, May 02, 2012 8:59 AM
there is no way to achieve this with builtin tools or GPOs. You can create your custom dll filter as mentioned from Lain Robertson.
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.