ANIXIS Web Site

Testing Policies

You can quickly test your PPE configuration by simulating a password change from the PPE management console. To test your PPE configuration:

Click the Policies item to display the Policies view.
Click Test Policies in the right pane of the management console.



Type a user name in the User name text box, and a password in the Old Password and New Password text boxes.
Click Test.

---

Clicking Test simulates a password change, but it does not change the user's password. The PPE management console automatically tests passwords as you type. If you have a slow network connection, then deselect the Test passwords as I type check box to disable automatic testing.

---

The PPE management console displays "Accepted" beside the New Password text box if the new password complies with the PPE password policy, or "Rejected" if it does not comply. Detailed test results appear in the results panel below the New Password text box.

Click the Results tab to view the test results for each rule. The check boxes show which rules the new password complied with, and which rules it did not comply with.

	Rule disabled, or not tested.
	Rule enabled, password complies with rule.
	Rule enabled, password does not comply with rule.

Click the Log tab to view PPE's internal event log. The event log contains valuable troubleshooting information that helps you to understand why PPE accepted or rejected a password. For example, you can use the event log to determine which:

Domain controller the configuration was read from.
Policy was assigned to the user, and why.
Dictionary word or keyboard pattern matched with the password.
Errors or warnings occurred during processing.

---

If a log message is truncated because it is too wide, move the mouse cursor over it to display the entire message.

---

Policy Testing vs. Password Changes

Policy testing simulates a password change, but it may not always reflect what happens when a user changes their password. A password change may yield different results to a policy test because:

Policy testing does not simulate the Windows password policy rules. If the Windows password rules are enabled, then Windows may reject a password even though it complies with all the PPE rules.
Policy testing does not enforce the Minimum Age rule.
Policy testing does not enforce the History rule.
Policy testing enforces the password policy even if PPE or the assigned policy is disabled. This allows you to test your configuration before enabling PPE, or a new password policy.
Policy testing occurs on the computer that the management console is running on. If the management console is running on a workstation, then it may not find the dictionary file on the local computer, or the local dictionary file may be different to the one on the domain controllers. Copy the dictionary file onto the local computer (in the same path) to avoid this problem.
The management console reads the PPE configuration from the domain controller that it is connected to. If the PPE configuration was modified recently, then Active Directory may still be propagating the new configuration to the other domain controllers.