Win2K Complex Password Enforcement

Discussion in 'Computer Security' started by Mr. Security, Aug 1, 2005.

  1. Mr. Security

    Mr. Security Guest

    Hey all,

    I'm new to the group and had a quick question:

    Anyone know how to fully enforce complex passwords (4 of 4 Uppercase,
    Lowercase, Number, Special Char.) with Win2K. W2K will only
    enforce/require 3 of the 4. Government standards require 4 of 4. Are
    there .dll's out there I don't know about. I'm trying to avoid third party
    software.

    Any help/ideas is greatly appreciated.

    KB
    Mr. Security, Aug 1, 2005
    #1
    1. Advertising

  2. From: "Mr. Security" <>

    | Hey all,
    |
    | I'm new to the group and had a quick question:
    |
    | Anyone know how to fully enforce complex passwords (4 of 4 Uppercase,
    | Lowercase, Number, Special Char.) with Win2K. W2K will only
    | enforce/require 3 of the 4. Government standards require 4 of 4. Are
    | there .dll's out there I don't know about. I'm trying to avoid third party
    | software.
    |
    | Any help/ideas is greatly appreciated.
    |
    | KB

    Contact you associated Gov't. CERT or DOIM. They should have a support contract with
    Microsoft and should be able to provide any DLL to support such standards that are set in
    AR-25-2 or other Gov't. regulations.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Aug 1, 2005
    #2
    1. Advertising

  3. Mr. Security

    Mr. Security Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
    news:I6sHe.10131$DJ5.8878@trnddc07:

    > From: "Mr. Security" <>
    >
    >| Hey all,
    >|
    >| I'm new to the group and had a quick question:
    >|
    >| Anyone know how to fully enforce complex passwords (4 of 4 Uppercase,
    >| Lowercase, Number, Special Char.) with Win2K. W2K will only
    >| enforce/require 3 of the 4. Government standards require 4 of 4.
    >| Are there .dll's out there I don't know about. I'm trying to avoid
    >| third party software.
    >|
    >| Any help/ideas is greatly appreciated.
    >|
    >| KB
    >
    > Contact you associated Gov't. CERT or DOIM. They should have a
    > support contract with Microsoft and should be able to provide any DLL
    > to support such standards that are set in AR-25-2 or other Gov't.
    > regulations.
    >


    Thanks...

    We've installed the enpasflt.dll, but it hasn't solved our problem. My
    tech just asked if this could be on conflict with the passfilt.dll used by
    default. Looking at what else I could find online, this may be an issue.
    Unless I'm mistaken, the group policy is what determines what .dll is used
    (in rough terms). Is there a way to direct a policy to one .dll over
    another?

    Thanks again.

    KB
    Mr. Security, Aug 1, 2005
    #3
  4. From: "Mr. Security" <>


    | Thanks...
    |
    | We've installed the enpasflt.dll, but it hasn't solved our problem. My
    | tech just asked if this could be on conflict with the passfilt.dll used by
    | default. Looking at what else I could find online, this may be an issue.
    | Unless I'm mistaken, the group policy is what determines what .dll is used
    | (in rough terms). Is there a way to direct a policy to one .dll over
    | another?
    |
    | Thanks again.
    |
    | KB

    I don't know ... Sorry :-(

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Aug 3, 2005
    #4
  5. "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:I6sHe.10131$DJ5.8878@trnddc07...
    > From: "Mr. Security" <>
    >
    > | Hey all,
    > |
    > | I'm new to the group and had a quick question:
    > |
    > | Anyone know how to fully enforce complex passwords (4 of 4 Uppercase,
    > | Lowercase, Number, Special Char.) with Win2K. W2K will only
    > | enforce/require 3 of the 4. Government standards require 4 of 4. Are
    > | there .dll's out there I don't know about. I'm trying to avoid third
    > party
    > | software.
    > |
    > | Any help/ideas is greatly appreciated.
    > |
    > | KB
    >
    > Contact you associated Gov't. CERT or DOIM. They should have a support
    > contract with
    > Microsoft and should be able to provide any DLL to support such standards
    > that are set in
    > AR-25-2 or other Gov't. regulations.
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >

    The Password BBP allows you to use the maximum complexity settings in the
    GPO as long as you use the maximum password length required by AR 25-2/BBP
    is used and you require password changes not more than every 90 days (the
    minimum allowed by AR 25-2).

    I don't think a support contract with Microsoft will get you the
    passfilt.dll you need, because it is not something you can just pick out of
    a catalog (no money in that). NSA had a CD a few years ago that had a
    passfilt.dll that had a minimum password length of 12 characters and
    required characters from all four fields. The only CD I can find at the
    moment is the one that has the 8 character version of the DLL. If I find
    the other one I will let you know.

    Have a nice day,
    Catherder2000
    Catherder2000, Aug 6, 2005
    #5
  6. Mr. Security

    done_right Guest

    Not sure if you have found your solution yet, be sure that under the
    Account Policies --> Passworld Policy that the option "Passwords must
    meet complexity requirements" is set to "Disabled" to avoid conflicts
    between the microsoft and NSA file. Also refer to Guide to Securing
    Microsoft Windows 2000 Group Policy: Security Configuration Tool Set,
    pg 25 for you specific issue and the entire guide for helping to secure
    your system available from the following www.nsa.gov/snac

    Mr. Security Wrote:
    > Hey all,
    >
    > I'm new to the group and had a quick question:
    >
    > Anyone know how to fully enforce complex passwords (4 of 4 Uppercase,
    > Lowercase, Number, Special Char.) with Win2K. W2K will only
    > enforce/require 3 of the 4. Government standards require 4 of 4. Are
    > there .dll's out there I don't know about. I'm trying to avoid third
    > party
    > software.
    >
    > Any help/ideas is greatly appreciated.
    >
    > KB



    --
    done_right
    ------------------------------------------------------------------------
    done_right's Profile: http://www.wirelessforums.org/member.php?userid=1039
    View this thread: http://www.wirelessforums.org/showthread.php?t=1186
    done_right, Sep 2, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?V2FzaQ==?=

    Enforcement of Password Change

    =?Utf-8?B?V2FzaQ==?=, Feb 21, 2006, in forum: MCSE
    Replies:
    2
    Views:
    465
    =?Utf-8?B?V2FzaQ==?=
    Feb 23, 2006
  2. Modemac
    Replies:
    24
    Views:
    737
    jayembee
    Nov 20, 2004
  3. Spam Bait

    License Enforcement

    Spam Bait, Jul 15, 2003, in forum: Computer Security
    Replies:
    6
    Views:
    1,692
    sotwr9
    Apr 28, 2009
  4. thing
    Replies:
    3
    Views:
    694
    thing
    Aug 15, 2004
  5. jzz
    Replies:
    2
    Views:
    366
Loading...

Share This Page