Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Passfilt.dll and strong passwords in NT Server 4.0

Status
Not open for further replies.
AdminPower

AdminPower

MIS
Aug 24, 2001
4
CA
I am looking to implement a password change policy in my organization. I found the Microsoft article about using passfilt.dll to force users to use more difficult passwords and I think I am going to go that route. I have a couple of questions though.

1. When I implement a password policy, how does Windows manage staggering the password changes for my users (i.e. none of my users have ever been forced to change passwords before so am I in danger of having all 400 users needing to change their password on the same day or does NT use some method to stagger it out so I don't have a ton of helpdesk calls all at once)?

2. Has anyone had any bad experiences implementing strong password security with passfilt.dll?

I would really appreciate any input.

Thanks in advance.
 
Sort by date Sort by votes
I'm also in the process of using passfilt.dll. Yes it would be a big problem if you change the passwords at the same time. In our case, users are required to change their passwords every n number of days. So by the time they change their password, they will have to input the new filtering rules. My suggestion is that you inform your users of the new settings before you actually implement. It will minimize calls for support.

With regards to batching, I'm not yet sure if NT has batching for password changes. What I can think of now is that you select on which users would be required to change their password on next log on. You can select multiple users in the user manager.

Question. this would mean you will have to change the registry settings of your PDC and/or BDC. Do you know how to add to existing values? I posted this question before and am not yet getting any replies.

 
Upvote 0 Downvote
The KB article detailing this is Q161990 linked here:


It details all registry changes required. I tried it out on an NT 4.0 Workstation machine and it did fine forcing the changes on the local system accounts.

I'm still wondering about when my users will need to change their password when I first add the policy. Forgetting about passfilt.dll altogether, what happens when I simply add a password policy to a domain that has never had to change passwords before? Does everyone have to change on day one? Or worse, does everyone have to change 90 days after day one as that is the max password age I am implementing? Or, best case scenario, will NT stagger the domain list and have different people changing passwords on different days?

Any input from anyone who has added a domain password policy where there previously was none would be appreciated.

Thanks.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
259
Aquiles Vidal
Aquiles Vidal
MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
210
MaioMaio
MaioMaio
ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
467
gbaughma
gbaughma
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
221
antonio_dsanchez
antonio_dsanchez
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
307
suncit
suncit

Part and Inventory Search

Sponsor

Back
Top