[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Logon history display

Posted on 2006-06-29
Medium Priority
Last Modified: 2013-12-04

I am the Sys. Admin for a US Military unit. "The Powers that be" have mandated some changes to our configuration and some of the solutions to their requirements elude me. I need to know how, if possible, to do the following. References would be greatly appreciated for the requirements that cannot be fulfilled.

1) Enforce different password lengths for users and administrators.
2) Increase the requirements for special characters used in passwords (i.e. 2 capital letters, 2 numbers and 2 special characters), beyond that already required when "Password must meet complexity requirements" is enabled in the Default Domain Policy.
3) Upon successful login have a pop up display the last successful login by that user and all unsuccessful attempts since then.

I thank you in advance for your help.

Question by:mack6565
LVL 32

Expert Comment

ID: 17015495
Here's a good link to start with:


Also, there are some good articles here:


Re. passwords, I think it is better to have long passwords and not worry so much about complexity, as long as simple names and dictionary words are avoided.

Author Comment

ID: 17015526
Here is a bit of amplifying information.

1) Our Domain here is a Windows 2000 Native domain. One Forest with one domain.
2) All Windows 2000 workstations.
3) We already enforce the use of strong passwords.

I did not come up with these requirements, some people with a lot more seniority did. It seems as if they sat around a table and came up with these requirements, but never asked anyone with Systems experience if these new security measures are a good idea or if they are even able to be implemented.

Thank you.
LVL 38

Expert Comment

by:Rich Rumble
ID: 17019515
Where would you like the pop-up? On the pc the current user is logging into, or to an administrators machine? You can easily do this sort of activity with tool like Snare or Gfi's SELM: http://www.intersectalliance.com/projects/SnareWindows/  http://www.gfi.com/lanselm/
You can recieve email reports, or alerts depending on how you configure the devices. They also keep a copy of the Event log's, so if someone were to erase their log's you may still have a back up copy using those tools. If it has an event associated with it, those two tools can alert you to it. Typically you want to increase the level of logging on machines and servers, the default logging is minimal on M$ by default.

As for a pop-up, you could use various scripts to do this, here is an example:  http://www.microsoft.com/technet/scriptcenter/resources/qanda/jan05/hey0126.mspx
Scripts like that can easily be modified to send a pop-up.  http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx

Event log GP

Stong Password GP

Accepted Solution

Chatable earned 2000 total points
ID: 17023466
You can define your own passwod policy for Windows if you have some programming knowledge. You will need to create a "password filter" DLL file. This file contains the actual code that runs when a user attempts to change passwords and the "Passwords must meet complexity requirements" policy is on. In other words, it allows you to define your own complexity settings.

So what do you need to do? You need to create a DLL file which exports the following functions:

BOOLEAN __stdcall InitializeChangeNotify(void);
This function will be called a single time when the computer boots - If you need to do any initialization stuff, do it here and return true (return false on error). If you don't have any initialization stuff, just return true.

BOOLEAN __stdcall PasswordFilter(
  BOOLEAN SetOperation
This is the real interesting function. It will be called whenever a user attempts to chage his/her password. The parameter "AccountName" contains the username of the account whose password is being changed. If you want to set different policies for users and administrators, you can check if this user is an administrator and act accordingly. "FullName" contains the full name record for the user (not really interesting), "Password" contains the new password - This is the string you should check for your desired complexity requirements. SetOperation will be TRUE if an administrator is resetting the password (rather than a user changing his/her own password).
If the new password is acceptable according to your policy, return true. If not, return false. That would reject the new password and display a message to the user that the password is not strong enough. Unfortunately I don't know any method to change this message (so it can explain what the password policy is) so you should make sure all your users already know what is the password policy.

NTSTATUS __stdcall PasswordChangeNotify(
  ULONG RelativeId,
This function will be called once the password has changed. This one is needed because Windows allows you to install multiple password filters and *all* filters must accept the new password before the system sets it as the new one. In other words, even if you've accepted the new password (through the PasswordFilter function) it doesn't mean it has been accepted by the system because another password filter may have rejected it. When this function is called, it notifies you that all filters have accepted the new password, that that the password had actually changed.

Once you've created your DLL file, install it by copying it to the system32 folder and editing the key:
Modify the "Notification Packages" value, which is of type REG_MULTI_SZ. It should contain "scecli" - That's the default password filter (it checks for a single letter from at least 3 of the character groups). Just add the name of your DLL file (no need for the ".dll" extension) as a new string (or replace the existing one if you don't want it). You can create a startup script that will install the new filter on all computers in your domain. Then simply enable the "Passwords must meet complexity requirements" policy and that's it.

For more information visit:

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question