OpenPasswordFilter
OpenPasswordFilter copied to clipboard
jephthai
OPF is enabling complexity requirements.
I am basically trying to create a password policy for my company with the only requirements being that it needs to be 15 characters and no more than 4 repeating characters such as 11111 in a password.
I do not have password complexity enabled in my domain, but when I install OPF, AD won't let me create any passwords unless it meets the standard MS complexity requirements, ie capital letter and special character etc.
That's really odd -- is the standard Microsoft password filter DLL listed in the configured filters?
On Tue, Jul 10, 2018 at 8:13 AM abortedfajitas [email protected] wrote:
I am basically trying to create a password policy for my company with the only requirements being that it needs to be 15 characters and no more than 4 repeating characters such as 11111 in a password.
I do not have password complexity enabled in my domain, but when I install OPF, AD won't let me create any passwords unless it meets the standard MS complexity requirements, ie capital letter and special character etc.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/jephthai/OpenPasswordFilter/issues/24, or mute the thread https://github.com/notifications/unsubscribe-auth/AEYlQRBbePS6L_w9skVp7vXiigxD7bDiks5uFKhlgaJpZM4VJYVt .
These are the filters that show up in the registry:
scecli rassfm OpenPasswordFilter
On Tue, Jul 10, 2018 at 11:54 AM, Josh Stone [email protected] wrote:
That's really odd -- is the standard Microsoft password filter DLL listed in the configured filters?
On Tue, Jul 10, 2018 at 8:13 AM abortedfajitas [email protected] wrote:
I am basically trying to create a password policy for my company with the only requirements being that it needs to be 15 characters and no more than 4 repeating characters such as 11111 in a password.
I do not have password complexity enabled in my domain, but when I install OPF, AD won't let me create any passwords unless it meets the standard MS complexity requirements, ie capital letter and special character etc.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/jephthai/OpenPasswordFilter/issues/24, or mute the thread <https://github.com/notifications/unsubscribe-auth/AEYlQRBbePS6L_ w9skVp7vXiigxD7bDiks5uFKhlgaJpZM4VJYVt> .
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/jephthai/OpenPasswordFilter/issues/24#issuecomment-403874105, or mute the thread https://github.com/notifications/unsubscribe-auth/AOHEnJjfOjydqIeY3mW_ZwS4SoxOL0lwks5uFM5TgaJpZM4VJYVt .
Are you certain there isn't any conflict between your domain policy, domain controller policy, and local security policy on your DCs?
Just checked local security policy and domain controller policy, no complexity enabled anywhere. Also double checked all of my domain policies to make sure it wasn't hidden in one of them.
Any other ideas? I would love to be able to use OPF, but I might have to go with a paid solution if I can't figure it out.
Thanks again for all of your help.
On Tue, Jul 10, 2018 at 12:24 PM, Josh Stone [email protected] wrote:
Are you certain there isn't any conflict between your domain policy, domain controller policy, and local security policy on your DCs?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/jephthai/OpenPasswordFilter/issues/24#issuecomment-403883769, or mute the thread https://github.com/notifications/unsubscribe-auth/AOHEnMPu3jDo3HFAU3jUpwlzz34FBW1Wks5uFNVPgaJpZM4VJYVt .
I have the same issue... After installing OPF, it works doing a reset password in AD, but in clients is allways saying "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain",,,
Which github repo have you downloaded? Is this from the /jephthai/OpenPasswordFilter repo, or one of the cloned repos?
On Mon, Jul 30, 2018 at 11:57 AM choakumchild [email protected] wrote:
I have the same issue... After installing OPF, it works doing a reset password in AD, but in clients is allways saying "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain",,,
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/jephthai/OpenPasswordFilter/issues/24#issuecomment-408934938, or mute the thread https://github.com/notifications/unsubscribe-auth/AEYlQV8Yh6xDGVig1XYFiXj2mcrViggJks5uLzrjgaJpZM4VJYVt .
I download the /jephthai/OpenPasswordFilter Zip file, and install the OPFInstaller_x64. This works reseting the password on AD. But in clients when I test reset the password is allways saying "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain".. After 2 days it works on clients normally... But I need to wait 2 days.. this is not normal...
That's not an OPF problem. That sounds more like the expected behavior of attemptong to change your password before it has reached the configured Minumum Password Age. There is no specific error for a password being too "young" to change. Check your password policy, then go back and read the failure event in the security log which should detail the exact reason why the password change failed.
And, I'm assumimg that you're attempting to change the password because "resetting the password on the client" doesn't really mean anything - unless you're using RSAT tools (which actually still performs a password reset from the server)
I already remove all policies on GPO, and the problem continue... When I said resetting the password in client, I mean on client pc I try to change the password and I cant... When I reset on RSAT it works...
I already remove all policies on GPO, and the problem continue..
This is expected behavior. You can't remove all policies or set them to "Not Configured" and expect a change. This action does not actually remove any password settings in effect.
In order to test OPF with your password changes this, you must either
- Specifically configure your password policy to a Minimum Password Age = 0, or
- Patiently wait the "Minimum Password Age" number of days to attempt to change the password, or
- Check the "user must change password on next logon."
When I said resetting the password in client, I mean on client pc I try to change the password and I cant...
Indeed, this is specifically not resetting the password; this is changing the password. Proper terminology is required when trying to troubleshoot issues.
When I reset on RSAT it works...
Expected. Administrative password resets (unlike password changes) necessarily bypass minimum password age and password history (reusing passwords) requirements.
To be clear, this is not a problem with OPF. An error stating "password does not meet complexity requirements" is expected behavior when attempting to change a password too soon in cases when a Minimum Password Age is configured to a value other than 0 in the domain's controlling password policy, or when the Minimum Password Age was previously configured to a value other than 0 and not properly reverted to 0 before attempting to change the password.
I recommend the issue be closed.
Sorry man, but the problem continue... This is a big problem... My users can´t reset the password...