Password Policy Enforcer PPS Properties

The PPS (Password Policy Server) is the PPE component that checks user passwords and responds to queries from the Password Policy Client. To open the PPS Properties page:

Click the PPS item to display the PPS view.

Click PPS Properties in the right pane of the management console.

Select the Do not check admin/helpdesk password resets check box if PPE should allow administrators and helpdesk operators to choose a noncompliant password when resetting a user's password, or creating a new user account. This option does not change the behavior of the Minimum Age rule, as this rule is never enforced during a reset. The History rule is not enforced during a reset if this check box is selected, even if the Enforce this rule when a password is reset check box is selected in the History Rule Properties page.

Select the Log event when password not checked by PPE check box if PPE should add an entry to the Windows Event Log whenever it accepts a password without checking it. This may occur if:

PPE is disabled.

The policy assigned to a user is disabled.

No policy is assigned to a user, and a Default Policy is not specified.

A password is reset, and the Do not check admin/helpdesk password resets check box is selected.

Select the Use version 3 Character Substitution Table check box if PPE should use the PPE V3.x Character Substitution Table. Only select this check box if some computers in the domain are still running the V3.x Password Policy Client. Refer to the PPE V3.x documentation for a list of substitutions detected by PPE V3.x.

Choose a password policy from the Default Policy drop-down list. Users must comply with the default policy if no other policy is assigned to them. If a default policy is not specified, then PPE will accept any password from users that have not been assigned a password policy.

Using PPE without a default policy is not recommended, as it may leave some passwords unchecked. To exempt some users from having to comply with the password policy when a default policy is specified:

Create a new policy for these users.

Leave all the rules disabled for this policy.

Assign this policy to the users who do not have to comply with any PPE rules.

This technique allows you to exclude some users from the password policy, while still ensuring that all other users comply with a policy.

Refer to the Policy Selection Flowchart for a diagrammatic representation of PPE's policy selection algorithm, or use the Test Policies page to quickly determine which policy PPE will enforce for a particular user.

The Password Policy Client and Password Policy Server communicate over UDP port 1333 by default. If you need to change the default port, then type the new port number in the Password Policy Server Port text box. Port 1333 is assigned by IANA to the Password Policy Protocol, so there should be no need to change it. If you do change the port number, then you must also:

Restart all the Password Policy Server computers.

Configure the Password Policy Client to use the new port.

Click the License tab to display your PPE license details. To install a new license, copy the license to the clipboard, and then click Get license from clipboard.