New Compliance Standards & More: See What’s New in Specops Password Auditor


Today, we’ve released the latest Specops Password Auditor, a read-only program that can help IT admins identify password vulnerabilities, including the number of accounts with compromised passwords and more.

In this release, we’ve introduced a big update to our Password Policy Compliance report and added new privacy controls, new reports for auditing stale user accounts and delegable admin accounts, and more.

Check Password Policies Against More Regulatory Standards

Running a scan of your Active Directory password policies with Password Auditor can now give you insight into how well they comply with the following standards and their latest updates:

The Password Policy Compliance report is customizable so you can review just the standards that are relevant for your organization.

Clicking into any of the individual standards will show more detail:

Our research team has previously highlighted that recommended password construction requirements are not enough, as many complex passwords are found in known compromised password lists. Today’s compliance standard update includes a check of whether a specific standard calls for a compromised password check. Our team continues to recommend preventing the use of compromised passwords with a service like Specops Breached Password Protection, whether or not a compliance standard calls for it.

Anonymized Scan Results for Increased Privacy and Data Security

For any administrator concerned with keeping their Password Auditor scan user data private, today’s release includes a feature that will remove usernames from the report and instead replace them with anonymized names.

New Reports for Additional Account Risk Evaluation

Specops Password Auditor has previously helped system administrators implement least privilege principles through the Admin Accounts and Stale Admin Accounts reports. Administrators can use those reports to audit for accounts that should no longer have admin rights.

With this release, two new reports are available to help evaluate Active Directory accounts for unnecessary access:

  • The Delegable Admins report
  • The Stale User Accounts report

The Delegable Admins report shows domain admin accounts that can be delegated. Organizations interested in securing authentication tokens will find this report useful for helping to audit for accounts that should be marked as “sensitive and cannot be delegated” in their environment.

The Stale User Accounts report shows users that have not logged in within X days. This report can be helpful for discovering user accounts that are no longer used, whether they were test accounts or associated with users who no longer work for the organization. Removing these accounts is an important part of closing unnecessary potential entry points into your network.

Evaluate Password Risk for Multiple Trusted Domains or OUs At Once

This latest version of Specops Password Auditor also includes more options for selecting what parts of your organization you can scan at once.

With this release, administrators will be able to scan multiple organizational units or multiple trusted Active Directory domains at the same time, as long as they have domain admin permissions to the selected domains. This makes it easier to evaluate the entire organization’s password vulnerabilities at once.

More Improvements and Fixes

More improvements and fixes can be found in the release notes.

Run Your Updated Password Auditor Scan Now

You can download the latest Specops Password Auditor here to evaluate your organization’s password compliance, delegable admin and stale user account risk and more.

Specops Password Auditor does not store Active Directory data nor does it make any changes to Active Directory.

If you’re looking to more easily comply with any of these regulatory standards, the flexible settings of Specops Password Policy make it easy to implement any complexity, length, expiry or compromised password check requirements. With a demo or free trial, see how Specops Password Policy and Breached Password Protection can help you implement a custom password policy that can meet any compliance requirement and block over 4 billion compromised passwords.

(Last updated on November 17, 2022)
