Knowledge Base

Our dedicated Product Specialist team is always ready to help you when you need it the most. Contact Support

Specops Password Policy

Understanding Active Directory Password Expiration with Specops Password Policy

In this article we will review how to predict when users’ passwords will expire when affected by a Specops Password Policy, as well as troubleshoot if passwords are not expiring when expected. In general, it is good to be aware that any Active Directory native tools for password expiration will not be aware of Specops...

How to Configure a Firewall for Specops Password Policy

Internal Communication Breached Password Protection Please see the tables below for URLs or IPs that you will need to allow connectivity to for Breached Password Protection to work correctly. Breached Password Protection Express (Also used for Password Auditor) Breached Password Protection Express (on-premise subset of Breached Password Protection Complete used to block breached passwords in...

Unable to Delete Users with Leaf Objects

Specops Password Policy, Password Reset, and uReset/Specops Authentication all use leaf objects under user accounts for the purposes of storing user specific information — for Password Policy this includes password history and length-based password age information; for Password Reset and uReset/Specops Authentication the leaf object contains user enrollment data. The advantage of using a leaf...

Specops Is Not Accurately Displaying my Domain Password Policy or Fine-Grained Password Policy

In Specops Password policy administrative tools or in Specops uReset/Password Reset you may find that the displayed password policy rules from Active Directory do not appear accurate. All Specops password products respect both the default and fine-grained password policies as configured in Active Directory and are displayed by reading the relevant configuration attributes directly from...

Verify Specops Password Policy License Usage

*This article applies to version 7.11 or later* This article will review how Specops Password Policy affected/subscription licenses are consumed and assumes you are on the latest version of Password Policy. Both affected (perpetual) and subscription licenses use the same model to count licenses — the count is based on the number of enabled Active...

Tracking Password Change Rejections with Specops Password Policy

In this article we will review how administrators can audit rejected password changes and password resets when Specops Password Policy is deployed in the domain. The Specops Password Policy Sentinel logs a Windows event log entry each time a password change or password reset is rejected by the rules in the Specops Password Policy. The...

How to check the health of your Password Policy config

*This article applies to version 7.11 or later* This article will walk you through the steps we would check to verify a Specops Password Policy configuration. Checking Specops Password Policy Administration Tools We will start by checking the Password Policy Administration Tools to see if there are any errors. Now, let’s click on Password Policy...

Users do not receive Password Expiration Reminder Emails

In this article we will review what to check if users are not receiving password expiration reminder emails from Specops Password Policy. Password Expiration is handled exclusively by the Password Policy Sentinel installed on the domain controller holding the PDC Emulator role. If you are unsure which domain controller currently holds the PDC Emulator role,...

What is length based aging and how is it used and implemented?

What is it? Length based aging is a system that rewards users for having longer and more secure passwords. How does it work? It works by adding additional days in which the password will expire based on how many characters are in the password. In this example below, the max password age is set to...

Create a Scheduled Task to Automatically Update the Latest Version of BPP Express

***Please note that this only works in Password Policy 7.8 or higher*** One of the major benefits of implementing Specops Password Policy and Breached Password Protection is having a local database on your Domain Controller’s (DC) that can prevent your users from using a commonly used or recently leaked breached password. This comes in the...
Next Page »