ad-password-protection icon indicating copy to clipboard operation
ad-password-protection copied to clipboard

Published 20 hours ago verified publisher icon lithnet

Add support for targeting policies to specific users and groups

Open tcvall86 opened this issue 4 years ago • 11 comments

Hello,

First of all I like this tool a lot and we are probably implementing this in our domain. One thing I could not get to work is applying this to a specific group or user. It only seems to work as a domain wide policy.

Potentially this is a duplicate of #32 but since that is closed I am unsure if this has been fixed or not. Maybe I am just missing something obvious

I have tried "removing" authenticated users by removing delegation on Apply group policy - Allow for Authenticated users and adding a seperate group with it allowed. But as soon as I do that, all requests seems to go through even though the filter is being called on. (Which can be seen in Event Viewer)

Is it / Will it be possible to include / exclude specific users from the filter? It would help for example in testing scenarios or with specific service accounts that are used in conjunction with programs that can't handle certain passwords

Thanks again

tcvall86 avatar Jun 02 '20 13:06 tcvall86

Hey @tcvall86

The group policy affects domain controllers, not individual users or groups.

So I'm afraid it's all or nothing as far as being enabled for all users in any given domain.

V2 will have the fine grained policies that you are after, but I'm afraid I haven't yet finished that version.

ryannewington avatar Jun 03 '20 11:06 ryannewington

Hello Ryan,

Thanks for the quick response. I kind of figured but great to have it confirmed.

Thanks for all your hard work on this project. Looking forward to the next release!

tcvall86 avatar Jun 03 '20 12:06 tcvall86

Let's leave this open to track the feature request

ryannewington avatar Jun 03 '20 12:06 ryannewington

@ryannewington yeah this one looks like it is almost the same as #48 and that FGPPs would be the answer. I posted in that request before reading this one :).

Techie4Life83 avatar Sep 16 '20 21:09 Techie4Life83

Thanks a lot Ryan, for this amazing tool! We're planning to implement it in our enviroment. After some testing, i stumbled over the need for specific excludes of users. As we have 802.1x Network Authentication in place, therefore we need some MAB objects in AD with very bad passwords.

So I'll wait until you release Version 2, hope it's not too far away 😃

Again thank you very much, Oliver

rooso avatar Dec 02 '21 07:12 rooso

Excellent piece of kit! Just dropping a comment about the application of specific users / groups. Also hoping as @rooso that it isn't so far away.

LMApplications avatar Mar 04 '22 13:03 LMApplications

Frustrated that this basically prevents us from using your fine product. No user filtering is a deal break for administration apparently.

GobNobber avatar Mar 18 '22 20:03 GobNobber

bonjour j'ai installer cette application lithnet ad-password-protection , j'ai fait Add-CompromisedPassword -Value "monmot" mais je peux toujours modifier le mot de passe que j'ai rajouter via la console AD je comprend pas ou est le problème merci de m'aider svp

kaloueche avatar May 15 '22 12:05 kaloueche

Hi @ryannewington ,

I know this is very old topic, however just want get the confirmation. We do have some have MAB accounts with bad passwords hence is there a way we can exclude a particular OU (where all MAB accounts are sitting) from the password protection GPO?

manulalath avatar Sep 16 '22 13:09 manulalath

Great product and thank you for all your effort, but just wanted to bring to your attention that FGP are useful in many environments. For example, in education, there are 5 year old kids who don't know what a symbol is yet and have not taken keyboarding, so they need to have a simpler password.

neverinfront avatar Mar 19 '24 18:03 neverinfront

I know this is the most awful question for a dev but do you have a target for releasing your v2 product?

JES-OPS avatar May 07 '24 15:05 JES-OPS