Knowledge Base

In this article we will review how the Specops Authentication client and Specops Password Policy determine the language to use when displaying feedback to the end user when their password is not accepted. There are two ways the language for the feedback is chosen; either set manually in the Password Policy Group Policy Snap-In, or...

This article will review the steps required to confirm the Specops Password Policy Sentinel is installed properly on your domain controllers. The Sentinel is required on every writeable domain controller in order to ensure proper enforcement of Specops password policies. It does not need to be installed on read-only domain controllers; if you have any...

This article assumes you are on the latest version of Password Policy. Often questions arise regarding Specops and password expiration. Below are the steps that can be followed to verify whether or not Specops caused a password to expire. Checking the Periodic Scanning tab This tab provides counts of users affected by Specops Password Policy,...

Specops Password Reset (SPR) and Specops Password Policy (SPP) take full advantage of Active Directory. SPR creates a classStore Object called specops-spp-passwordreset. SPP creates a classstore Object called specops-spp-passwordhistory. Both of these objects can prevent migration tools, such as Active Directory Migration Tool (ADMT), from successfully migrating the user object. Note: The latest version of...

Short answer: It depends Situation where it depends If you disable length-based password aging, the user(s) will then be subjected to the normal maximum password age. Situations where the user will not be forced to change their password: If the user sets their password based on this current policy, we see their sub-object has a...

The Specops Arbiter service uses a self-signed certificate to encrypt communications from domain controllers to query the Specops API. If this certificate is expired or inadvertently deleted, the Arbiter server may not be able to start. Identify the Certificate Currently In Use The Arbiter uses the certificate identified by the thumbprint stored in the registry:...

***Please note that this only works in Password Policy 7.8 and greater*** One of the major benefits of implementing Specops Password Policy and Breached Password Protection is having a local database on your Domain Controller’s (DC) that can prevent your users from using a commonly used or recently leaked breached password. This comes in the...

Please note this article applies to the latest version of Password Policy. When viewing Password Policy license usage in Password Policy Domain Administration, admins may encounter the following error: As the error indicates, the Sentinel on the domain controller holding the PDC Emulator role is responsible for checking license consumption on a daily basis. If...

This article applies to uReset when used in a multi-domain environment. When using uReset and Password Policy in multiple trusted domains/forests, you may find that users accessing uReset from domains other than the Gatekeeper domain do not see the Password Policy rules when setting their new password. When this occurs, you will find event ID...

Fine-Grained Password Policies are a way to assign different Microsoft password policies to different users, and they override the Default Domain Policy: Step 1 Create a security group that contains all desired users within Active Directory Users and Computers. Note that when you create this group it should be a Global group. If you create...