Knowledge Base

The following PowerShell script contains a sample implementation of how Specops Password Policy and Breached Password Protection customers can automate sending an email to administrators containing the results of Password Policy Periodic Scanning, a list of any users found to have breached passwords, and a Password Auditor report PDF. Customers can set a script like...

Specops Password Auditor Password Policy customers should download Password Auditor directly from Password Policy Domain Administration. Updates to Password Auditor can be downloaded from within the Password Auditor application — if an update is available, you will see a prompt to download it. Specops Password Policy https://specopssoft.com/support/en/password-policy/download.htm uReset You would do this directly through the...

With the retiring of Server 2012/r2 fast approaching a question that has risen in popularity is how I migrate my password policy to another server to continue using the product without any issues? The simple answer is not a lot needs to be done since all of the configuration is stored in Group Policy and...

This article lists all file locations and executables associated with the Specops Password Policy Sentinel on domain controllers. File Locations The following locations contain files associated with the Sentinel: %PROGRAMFILES%\Specopsssoft\Specops Password Policy\ %WINDIR%\System32\SppFilter.dll %WINDIR%\System32\SppFilterInfo.json %WINDIR%\System32\SppFilterRes.dll Executables Specops Password Sentinel Service — Windows service, must run as local system. C:\Program Files\Specopssoft\Specops Password Policy\Sentinel Service\Specopssoft.SentinelService.exe Specops Password...

After the migration of SYSVOL replication from FRS to DFSR, there will be path changes in SYSVOL that will prevent the Sentinel component of Password Policy from functioning properly.  As Sentinel is responsible for enforcing Specops password settings, password changes would then be processed only by the native Microsoft password settings in Default Domain Policy...

User counting has been renamed to periodic scanning and has been relocated for ease of access in Password Policy version 7.10. Below is each version’s method for what needs to be done for user counting/periodic scanning to be adjusted accordingly. 7.5 and Below: In versions 7.5 and below, you would modify the value “CheckExpiredPasswordsStartTime” registry...

Both affected (perpetual) and subscription licenses use the same model to count licenses — the count is based on the number of enabled Active Directory user accounts that have a Specops Password Policy GPO applied to them in Active Directory. Specops Password Policy regularly updates a record of how many licenses have been consumed. The...

Make sure that standard communication is allowed. The management Computer with the Specops Password Policy Domain Administration Tool installed must be able to communicate with Domain Controllers on: LDAP: TCP 389 SMB: TCP 445 Kerberos: TCP 88, 464 DNS: TCP/UDP 53 Other common client protocols RPC (Remote Procedure Call) RPC should be open/allowed between the...

All password changes in Active Directory passes through one or more Password Filters on the Domain Controllers (Specops Password Policy Sentinel is basically a Password Filter), all these Password Filters need to approve the new password before the change is finalized, like the following flowchart shows. Following this somewhat simplified chart yield some important information:...

After a Breached Password Protection Complete scanning the results are showing less email notifications sent then compromised passwords found. Possible reasons for this 1. A users password has been caught as breached by the complete list in the past and the “User must change password during next logon” setting has been ticked on the user...