Knowledge Base

This article will review the steps required to confirm the Specops Password Policy Sentinel is installed properly on your domain controllers. The Sentinel is required on every writeable domain controller in order to ensure proper enforcement of Specops password policies. It does not need to be installed on read-only domain controllers; if you have any...

Specops Password Auditor Password Policy customers should download Password Auditor directly from Password Policy Domain Administration. Updates to Password Auditor can be downloaded from within the Password Auditor application — if an update is available, you will see a prompt to download it. Specops Password Policy https://specopssoft.com/support/en/password-policy/download.htm uReset You would do this directly through the...

With the retirement of Server 2012/r2, a question that has risen in popularity is how I migrate my password policy to another server to continue using the product without any issues? The simple answer is not a lot needs to be done since all of the configuration is stored in Group Policy and Active Directory....

All password changes in Active Directory passes through one or more Password Filters on the Domain Controllers (Specops Password Policy Sentinel is basically a Password Filter), all these Password Filters need to approve the new password before the change is finalized, like the following flowchart shows. Following this somewhat simplified chart yield some important information:...

User counting has been renamed to periodic scanning and has been relocated for ease of access in Password Policy version 7.10. Below is each version’s method for what needs to be done for user counting/periodic scanning to be adjusted accordingly. 7.5 and Below: In versions 7.5 and below, you would modify the value “CheckExpiredPasswordsStartTime” registry...

This article lists all file locations and executables associated with the Specops Password Policy Sentinel on domain controllers. File Locations The following locations contain files associated with the Sentinel: %PROGRAMFILES%\Specopsssoft\Specops Password Policy\ %WINDIR%\System32\SppFilter.dll %WINDIR%\System32\SppFilterInfo.json %WINDIR%\System32\SppFilterRes.dll Executables Specops Password Sentinel Service — Windows service, must run as local system. C:\Program Files\Specopssoft\Specops Password Policy\Sentinel Service\Specopssoft.SentinelService.exe Specops Password...

Make sure that standard communication is allowed. The management Computer with the Specops Password Policy Domain Administration Tool installed must be able to communicate with Domain Controllers on: LDAP: TCP 389 SMB: TCP 445 Kerberos: TCP 88, 464 DNS: TCP/UDP 53 Other common client protocols RPC (Remote Procedure Call) RPC should be open/allowed between the...

*This article only applies to version 7.4 to 7.12* In version 7.13 of Password Policy, the mechanism for sending mail from Password Policy via the Breached Password Protection Cloud API has been deprecated. The steps below outline how to switch from the Online Service to SMTP. *Note SMTP option was added in version 7.4* 1....

After the migration of SYSVOL replication from FRS to DFSR, there will be path changes in SYSVOL that will prevent the Sentinel component of Password Policy from functioning properly.  As Sentinel is responsible for enforcing Specops password settings, password changes would then be processed only by the native Microsoft password settings in Default Domain Policy...

For the initial policy Create your policy you will use for this policy and tag the policy where you would like it applied within the Active Directory structure. The security filtering will be Authenticated users which for most cases is fine: For an additional policy Create your policy you will use for this policy and...