Professional Documents
Culture Documents
Julesduvivier PasswordFilterService PDF
Julesduvivier PasswordFilterService PDF
julesduvivier / PasswordFilterService
10 stars 0 forks
Star Watch
master
View code
README.md
PasswordFilterService
Introduction
PasswordFilterService is a password policy enforcement tool for Windows Active Directory.
Windows has a basic password complexity rule but no good controls to enforce the use of
reasonable passwords. This basic policy accepts many weak password like Password1 or
Company2017
PasswordFilterService checks new passwords for compliance with your custom password
policy and rejects non-compliant passwords.
Getting Started
PasswordFilterService.exe is a C#-based binary service that provide a simple UI to manage
your password policy. The service embedded the password filter DLL for 64 and 32 bit
We use optional third-party analytics cookies to understand how you use GitHub.com so we can build better
system.Learn more.
products.
Accept Reject
https://github.com/julesduvivier/PasswordFilterService 1/4
30/11/2020 julesduvivier/PasswordFilterService
The password filter DLL is coded in C and loaded by LSASS on boot and will be queried
every time a users try to change his password. For further information check the github
project at : https://github.com/julesduvivier/PasswordFilter
Then you just need to reboot your DC to start using your password policy.
Rules
PasswordFilterService.exe provide you a simple interface to custom your rules :
We use optional third-party analytics cookies to understand how you use GitHub.com so we can build better
products. Learn more.
Accept Reject
https://github.com/julesduvivier/PasswordFilterService 2/4
30/11/2020 julesduvivier/PasswordFilterService
Length
The Length rule rejects passwords that contain too few characters.
Complexity
the Complexity rule rejects passwords that do not contain characters from a variety of
character sets like lower, upper, digit and special characters
Consecutive letters
The Consecutive letters rule rejects password that contains too many consecutive
characters
Log file
The PasswordFilter function is implemented by the PasswordFilter DLL. This function simply
replies with a TRUE or FALSE, as appropriate, to indicate that the password passes or fails
the test. Thereby, it's impossible to return the error message directly to the user so the log
file allow the admin of the domain to know the reason of a password rejection.
Wordlist
The Wordlist rule rejects password which contains a word from the dictonary. Your
dictonary must contain one forbidden word per line. There are many tools to generate
custom wordlist (e.g. based on your company name)
Example of wordlist :
We use optional third-party analytics cookies to understand how you use GitHub.com so we can build better
Company
products. Learn more.
COMPANY
c0mp4ny
Accept Reject
Password
https://github.com/julesduvivier/PasswordFilterService 3/4
30/11/2020 julesduvivier/PasswordFilterService
Passw0rd
...
Tokens wordlist
The Tokens wordlist rule rejects password's token which match perfectly with this second
dictionnary. The password is tokenized based on the change of the characters types and
each tokens are compared with the tokens wordlist.
123
May
2016
...
The password PasswordMay1 will be rejected because it contained the substring May but
PasswordMaya1 will not be rejected because the token Maya isn't in the Token wordlist.
Releases 3
v1.2 Latest
on 22 Aug 2017
+ 2 releases
Packages
No packages published
Languages
We
C# use optionalSmalltalk
96.9% third-party
2.8%analyticsBatchfile
cookies0.3%
to understand how you use GitHub.com so we can build better
products. Learn more.
Accept Reject
https://github.com/julesduvivier/PasswordFilterService 4/4