OpenPasswordFilter icon indicating copy to clipboard operation
OpenPasswordFilter copied to clipboard

Published 20 hours ago verified publisher icon brockrob

Enabling OPF seems like it's enforcing password complexity

Open halfaipg opened this issue 6 years ago • 6 comments

I am basically trying to create a password policy for my company with the only requirements being that it needs to be 15 characters and no more than 4 repeating characters such as 11111 in a password.

I do not have password complexity enabled in my domain, but when I install OPF, AD won't let me create any passwords unless it meets the standard MS complexity requirements, ie capital letter and special character etc.

halfaipg avatar Jun 28 '18 14:06 halfaipg

If OPF is the only password filter in play, the reason for rejection will be logged in the application log.

brockrob avatar Jun 28 '18 14:06 brockrob

All I am seeing is EventID 100, WSACancelBlockingCall and Unable to bind to open port.

AD will let me set passwords that fall inside of MS complexity policy, but it is not enabled in group policy.

halfaipg avatar Jun 28 '18 14:06 halfaipg

Any ideas? It seems like it is working, but I do not want users subjected to the complexity requirements. I'm only trying to limit repeating characters in passwords.

halfaipg avatar Jul 10 '18 13:07 halfaipg

The errors you cite suggest that it's not in fact working, and that's troubling. Can I get a little more detail? What WinServer version are you installing this on?

brockrob avatar Jul 10 '18 13:07 brockrob

You must have complexity enabled somehow if that's what you're experiencing, because it appears based on your error messages that the service is not starting, and if the dll can't reach the service it fails 'open', meaning anything is allowed. I would like to understand why the service is not starting though.

brockrob avatar Jul 10 '18 13:07 brockrob

Thanks for taking the time to respond, Robert.

I am running Windows Server 2008 R2 domain controllers.

It's very odd. I have verified that password complexity is not enabled on my domain. Basically, I can change an AD password to whatever I want, but as soon as I start the OPF service (it is starting, and stays running), it requires me to use MS complexity requirements.

On Tue, Jul 10, 2018 at 9:21 AM, Robert Brock [email protected] wrote:

You must have complexity enabled somehow if that's what you're experiencing, because it appears based on your error messages that the service is not starting, and if the dll can't reach the service it fails 'open', meaning anything is allowed. I would like to understand why the service is not starting though.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/brockrob/OpenPasswordFilter/issues/5#issuecomment-403819642, or mute the thread https://github.com/notifications/unsubscribe-auth/AOHEnEGdFptUSKWAEGQwcTsFlkmddcl3ks5uFKpzgaJpZM4U7dxq .

halfaipg avatar Jul 10 '18 14:07 halfaipg