|
Posted by Byron Hynes [MS] on October 4, 2005, 2:35 am
If you were Registered and logged in, you could reply and use other advanced thread options
Joe is absolutely right.
To add a bit, to the history:
The reason that you see so many NT4 references is that prior to NT4 SP2,
it was not built in to the system:
"To enforce password complexity in your organization, you can enable the
Password must meet complexity requirements security setting. The complexity
requirements enforced by this setting are stored in Passfilt.dll. In Windows
2000 operating systems and later, Passfilt.dll is built into the operating
system. In Windows NT Server 4.0, you must add the Passfilt.dll file to the
operating system to achieve the same results. Passfilt.dll is included in
Windows NT Server 4.0 Service Pack 2 and in later service packs."
However, the Windows Server 2003 documents make it clear it is still used.
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
Be very careful, however, when you start replacing system components with
home-grown ones.
Byron Hynes
Windows Server
Microsoft Corporation
http://spaces.msn.com/members/byronphynes
> Nope, password filters work even on the Windows Server 2003 R2 betas
> from what I have seen.
>
> Also the C++ guru should also be a Windows system programming Guru.
> For instance a UNIX c++ guru is probably going to mess it up and
> password filters are very sensitive things.
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
> Jon LaBarge wrote:
>
>> I think that is exactly what I am finding out. It's been 6 years
>> since I have done any C++ at all. Luckily we have a C++ guru starting
>> here very soon.
>>
>> Here's another question...
>>
>> Do the passfilt's only work in a NT 4.0 sp2 scenario? All the
>> documentation I am reading about in the SDK has references to 4.0 sp2
>> only.
>>
>> Jon
>>
>>
>>> The SDK just has a sample, you don't really want to use the sample,
>>> you want to write your own.
>>>
>>> If you are not an accomplished Windows C++ programmer, you do not
>>> want to write your own password filter. You will have issues, they
>>> could be security, they could be system stability, but you will have
>>> issues. I haven't seen many custom password filters written by even
>>> experiences Windows C++ programmers.
>>>
>>> Anyway, you don't need passfilt.dll at all. You just need to code a
>>> DLL with the proper entry points and register it with the OS.
>>>
>>> --
>>> Joe Richards Microsoft MVP Windows Server Directory Services
>>> www.joeware.net
>>> Jon LaBarge wrote:
>>>
>>>> Steve,
>>>> Thanks for the information. I found all of this online yesterday,
>>>> however, it continually refreences the SDK, shich we do not have
>>>> (to my
>>>> knowledge). It seems as though you need to have the passfilt.dll
>>>> somewhere on your DC before it will allow you to edit it. Am I
>>>> hitting on
>>>> the right cylinders here?
>>>> Jon
>>>>
>>>>
>>>>> Custom password filters can still be built for Windows 2000/2003
>>>>> and the link below may help though I have never tried such myself.
>>>>>
>>>>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/s
>>>>> ecmgmt/security/sample_password_filter.asp
>>>>>
>>>>> Otherwise consider strengthening your passwords by increasing the
>>>>> minimum length and also and train users to think "pass phrases"
>>>>> instead of passwords. When users are trained to use pass phrases
>>>>> they can more easily remember long passwords that will be very
>>>>> strong with default password complexity enabled. See the link
>>>>> below for advantages of using pass phrases. --- Steve
>>>>>
>>>>> http://www.microsoft.com/technet/security/secnews/articles/itprovi
>>>>> ewpoint100504.mspx
>>>>>
>>>>>
>>>>>> I am trying to figure out a way to enable customized password
>>>>>> complexity in W2K Server on the Domain Level Policies. By
>>>>>> default, W2K Srvr sets p/w complexity to 3 caps, 3 numbers, and 3
>>>>>> special characters. Is there a way to create your own template
>>>>>> for password complexity?
>>>>>>
>>>>>> I know in NT 4.0 SP2, a passfilt.dll file was included and you
>>>>>> could supply your own guidlines for complexity. Nothing like this
>>>>>> exists as far as I can tell on W2K. Any ideas?
>>>>>>
>>>>>> Thanks.
>>>>>>
| 
XML site map