New in Specops Password Policy 7.12: Schedule Password Auditor Reports, Improvements to Periodic Scanning Reports & more

This week, we’ve released the latest version of our Active Directory password management solution, Specops Password Policy 7.12.

This release includes improvements to the reporting within the Specops Password Policy admin tools as well as several new PowerShell cmdlets that you can use to access information or results about the latest or previous periodic scan.

Also new in this release is a cmdlet that can be used to manually run or schedule a run of Specops Password Auditor.

Let’s take a look.

Previous scan results & more reporting enhancements

Specops Password Policy 7.12 includes improvements to the available reporting in the Admin tools.

We’ve added two new settings to the Periodic Scanning screen in this release, available when you click the Edit button under Settings. These improvements can help with troubleshooting but also with pulling data on how your compromised password protection has improved since running your first scan or give an audit trail.

The first is the option to save a list of accounts with compromised passwords, configurable as yes/no. The default is no. The second is the number of reports you can save.

Configuring this setting as “yes” will save a list of accounts with compromised passwords every time the periodic scan runs. The list of accounts with be saved in a protected folder on the domain controller where periodic scanning runs.

The “number of reports to save” functions as a rolling count of the latest reports saved. If you reach your limit of reports that will save, the periodic scan will simply delete the oldest saved report from the list and add the latest.

Configuring Periodic Scanning to save reports of accounts with breached passwords
Configuring Periodic Scanning to save reports of accounts with breached passwords

Once configured, Periodic Scanning will start saving reports beginning with the next manual or scheduled scan.

Choosing which report to review in the Periodic Scanning screen
Choosing which report to review in the Periodic Scanning screen

After selecting a saved report date, if you have enabled the setting to save a list of accounts with breached passwords, you will be able to click “Show accounts” to see which accounts have a breached password according to the Express, Complete or either list.

An administrator views the list of accounts found to have breached passwords in the latest scan.
An administrator views the list of accounts found to have breached passwords in the latest scan.

From there, an administrator can copy the list of accounts to paste into another doc, email or workflow, if needed.

Cmdlets for Periodic Scanning

For those that prefer PowerShell, this release also includes a few new cmdlets to pull reporting results at the command line.

Get-SppPeriodicScanningResultList will return the list of reports saved:

Get-SppPeriodicScanningResultList will return the list of reports saved:

Get-SppPeriodicScanningResult returns the overview data for the latest scan:

Get-SppPeriodicScanningResult returns the overview data for the latest scan:

The same cmdlet can also be used to access an earlier report by referencing the results list which is provided as a PowerShell array.

The same cmdlet can also be used to access an earlier report by referencing the results list which is provided as a PowerShell array.

Get-SppPeriodicScanningResultUsers will return the result for each user found to have a compromised password from the latest scan.

Get-SppPeriodicScanningResultUsers will return the result for each user found to have a compromised password from the latest scan.

Read more about these cmdlets in the documentation.

Schedule Specops Password Auditor scans

With this release, Specops Password Policy customers can now make use of a cmdlet and a scheduled task to run scheduled scans for Specops Password Auditor.

New-SpaReport will generate a Specops Password Auditor PDF report which will be saved in a location specified by the admin when running the cmdlet.

An admin defines the location of where the Powershell cmdlet-generated Password Auditor report will save
An admin defines the location of where the Powershell cmdlet-generated Password Auditor report will save

Note: The Specops Password Auditor Breached Password report is still available via a manual run of Specops Password Auditor but will not appear in the scheduled scan report result. Compromised password statistics for Specops Password Policy and Breached Password Protection customers are best accessed via the Periodic Scanning page.

Weekly/monthly/quarterly scans with Specops Password Auditor are made possible with this cmdlet and a scheduled task.

And if you want those reports emailed to you, check out this Knowledge Base article that includes a sample script for emailing this report to administrators, along with the latest results of Periodic scanning, that you can adapt to for your use.

More improvements and fixes

More improvements and fixes can be found in the release notes.

If you are an existing Specops Password Policy customer, you can find upgrade instructions here. If you have questions about upgrading, please contact support.

See how Specops Password Policy can help

If you’re interested in seeing a demo of the latest Specops Password Policy or have questions about how you can block over 4 billion compromised passwords with Breached Password Protection, contact us.

(Last updated on February 5, 2024)

Back to Blog