Knowledge Base

*This article applies to version 7.10 and later* Please note this article applies to the latest version of Password Policy. When viewing Password Policy license usage in Password Policy Domain Administration, admins may encounter the following error: As the error indicates, the Sentinel on the domain controller holding the PDC Emulator role is responsible for...

This article will review the steps required to confirm the Specops Password Policy Sentinel is installed properly on your domain controllers. The Sentinel is required on every writeable domain controller in order to ensure proper enforcement of Specops password policies. It does not need to be installed on read-only domain controllers; if you have any...

With the retirement of Server 2012/r2, a question that has risen in popularity is how I migrate my password policy to another server to continue using the product without any issues? The simple answer is not a lot needs to be done since all of the configuration is stored in Group Policy and Active Directory....

*This article only applies to version 7.4 to 7.12* In version 7.13 of Password Policy, the mechanism for sending mail from Password Policy via the Breached Password Protection Cloud API has been deprecated. The steps below outline how to switch from the Online Service to SMTP. *Note SMTP option was added in version 7.4* 1....

All password changes in Active Directory passes through one or more Password Filters on the Domain Controllers (Specops Password Policy Sentinel is basically a Password Filter), all these Password Filters need to approve the new password before the change is finalized, like the following flowchart shows. Following this somewhat simplified chart yield some important information:...

The configuration is stored in Group Policy and Active Directory, so there is nothing needed to back up before walking through the upgrade process. How do I upgrade password policy steps are as below: 1.Navigate to https://specopssoft.com/support/en/password-policy/download.htm and download the file 2. Save and Run the Setup Assistant locally to a machine where you administer...

Make sure that standard communication is allowed. The management Computer with the Specops Password Policy Domain Administration Tool installed must be able to communicate with Domain Controllers on: LDAP: TCP 389 SMB: TCP 445 Kerberos: TCP 88, 464 DNS: TCP/UDP 53 Other common client protocols RPC (Remote Procedure Call) RPC should be open/allowed between the...

User counting has been renamed to periodic scanning and has been relocated for ease of access in Password Policy version 7.10. Below is each version’s method for what needs to be done for user counting/periodic scanning to be adjusted accordingly. 7.5 and Below: In versions 7.5 and below, you would modify the value “CheckExpiredPasswordsStartTime” registry...

This article lists all file locations and executables associated with the Specops Password Policy Sentinel on domain controllers. File Locations The following locations contain files associated with the Sentinel: %PROGRAMFILES%\Specopsssoft\Specops Password Policy\ %WINDIR%\System32\SppFilter.dll %WINDIR%\System32\SppFilterInfo.json %WINDIR%\System32\SppFilterRes.dll Executables Specops Password Sentinel Service — Windows service, must run as local system. C:\Program Files\Specopssoft\Specops Password Policy\Sentinel Service\Specopssoft.SentinelService.exe Specops Password...

For the initial policy Create your policy you will use for this policy and tag the policy where you would like it applied within the Active Directory structure. The security filtering will be Authenticated users which for most cases is fine: For an additional policy Create your policy you will use for this policy and...