PreviousNext

ANIXIS Web Site

Password Policy Enforcer

Active Directory Users and Computers

This is how administrators and helpdesk operators often change user passwords. In fact, the Active Directory Users and Computers Console does not change passwords; it resets them. This is an important distinction because a password reset is:

PPE's default configuration treats password resets just like password changes, but you can configure PPE so that reset passwords are not required to comply with the password policy. To test password policies from the Active Directory Users and Computers Console:

  1. Start the Active Directory Users and Computers Console (dsa.msc).
  2. Right-click a user object, and then click Reset Password...
  3. Type a password in the New Password and Confirm Password text boxes.
  4. Click OK.

The table below contains some sample passwords and expected test results for the Users policy. Try to change the PPETestUser account password to confirm that PPE is enforcing the password policy correctly.

The Active Directory Users and Computers Console does not tell you why a password was rejected. Use the PPE management console, or the Change Password dialog to see this information.

Password
Result
Reason
AbdF6
Rejected 
Does not contain at least 7 characters
abd65fgo
Rejected
Does not contain an upper alpha character
ABD65FGO    
Rejected
Does not contain a lower alpha character
PPETest1
Rejected
Similar to user logon name
Aardvark
Rejected
Similar to word in dictionary file
tseTEPP
Accepted
 
kravdraA
Accepted
 
Aardv@rk
Accepted
 


PPE accepts the last three passwords because they comply with the password policy, but this highlights some weaknesses in this policy.

These three passwords are only marginally stronger than the rejected passwords. The next section will show you how to improve this password policy.

E-mail support@anixis.com if PPE is not working as expected, and we will help you to resolve the problem.

© Copyright 1998 - 2011 ANIXIS.
All rights reserved.
PreviousNext