locked
Possibility to set a password exclude list RRS feed

  • Question

  • Hi,

    I wonder if it is possible to set an overall AD password policy to exclude a list of common words (e.g. organization name, current year, summer, winter, project etc etc) without using a third party product? I mean to prevent a user to set a password to #Summer2012 or Microsoft2012 or similar.

    Regards /Magnus


    Magnus Burk

    Tuesday, May 15, 2012 7:48 PM

Answers

  • Hi Magnus-

    You can create a custom password filter.  It will require a bit of programming.  But it can take care of very specific requirements that you have that aren't able to be met with the built-in policies.  Microsoft offers a sample custom password filter for starting.  You should have a look at Enforcing Unique Requirements section of the The Great Debate Pass Phrases Vs. Passwords (Part 3) at the following URL:

    http://technet.microsoft.com/en-us/library/cc512624.aspx

    While you are at it, you may find Part 1 and Part 2 interesting (and you may find that Part 3 makes the most sense if you read all of the parts in order).  Although the information is a bit dated, it is informative and has a lot of the information you need to proceed.

    Brian

    • Marked as answer by Rick Tan Tuesday, May 22, 2012 8:18 AM
    Wednesday, May 16, 2012 3:40 AM
  • Hi Magnus,

    Thank you for the post.

    Like Brian mentioned, custom password filter could achieve your goal. If you are not familiar with the dll file coding, I suggest you contact Microsoft Customer Service and Support (CSS) for this.

    Sample Password Filter
    Installing and Registering a Password Filter DLL
    How and when to contact Microsoft Customer Service and Support

    If there are more inquiries on this issue, please feel free to let us know.

    Regards


    Rick Tan

    TechNet Community Support


    • Edited by Rick Tan Thursday, May 17, 2012 7:17 AM
    • Marked as answer by Rick Tan Tuesday, May 22, 2012 8:18 AM
    Thursday, May 17, 2012 7:10 AM

All replies

  • Hi Magnus-

    You can create a custom password filter.  It will require a bit of programming.  But it can take care of very specific requirements that you have that aren't able to be met with the built-in policies.  Microsoft offers a sample custom password filter for starting.  You should have a look at Enforcing Unique Requirements section of the The Great Debate Pass Phrases Vs. Passwords (Part 3) at the following URL:

    http://technet.microsoft.com/en-us/library/cc512624.aspx

    While you are at it, you may find Part 1 and Part 2 interesting (and you may find that Part 3 makes the most sense if you read all of the parts in order).  Although the information is a bit dated, it is informative and has a lot of the information you need to proceed.

    Brian

    • Marked as answer by Rick Tan Tuesday, May 22, 2012 8:18 AM
    Wednesday, May 16, 2012 3:40 AM
  • Hi Magnus,

    Thank you for the post.

    Like Brian mentioned, custom password filter could achieve your goal. If you are not familiar with the dll file coding, I suggest you contact Microsoft Customer Service and Support (CSS) for this.

    Sample Password Filter
    Installing and Registering a Password Filter DLL
    How and when to contact Microsoft Customer Service and Support

    If there are more inquiries on this issue, please feel free to let us know.

    Regards


    Rick Tan

    TechNet Community Support


    • Edited by Rick Tan Thursday, May 17, 2012 7:17 AM
    • Marked as answer by Rick Tan Tuesday, May 22, 2012 8:18 AM
    Thursday, May 17, 2012 7:10 AM