windows network password strength test

Greetings EE Gods...

I am starting in a new company, and looking for a tool.

This tool needs to be able to run through the established logins on a domain, and check to make sure the passwords are not being too weak. If they are, I have to report it to their leadership, so they can change to a stronger password.

This tool must be able to test local computers too for local logins as well.

Evan Cutler, Volunteer Chief Information Officer, Asked:

Try GFI LanGuard:

Or, just enable strong passwords and force everyone to change their password at next login.
Evan Cutler, Volunteer Chief Information Officer, Author Commented:
Well, how do I check the passwords to see if they're not just XMAS'd (i.e. !@#$%12345qwertQWERT)

I definitely gave you the wrong link - sorry! I cross-posted to another question and swapped the answers by accident.

You need something like GFI LanGuard to audit the passwords.

I think you are going the wrong way.
You need to create a new password policy, enable a minimal length of, for example, 8 and a requirement of extra symbols like &! etc.
Users with weak passwords will be prompted to change it next time they log in.
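The follow-up question above asks how to catch passwords such as !@#$%12345qwertQWERT that satisfy a length-and-symbols policy but are only keyboard walks. The following Python is an added example, not part of the original thread or of any tool named in it: it applies a length-and-character-class rule modelled on the policy suggested above, then measures how much of the password is typed along one keyboard row. The US QWERTY layout, the function names, the thresholds (runs of 4, at most 50% walk) and the second sample password are assumptions made for the example.

```python
import re

# Assumption: US QWERTY layout. Shifted digit-row symbols are mapped back to
# their digits so "!@#$%" is scored like "12345".
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
SHIFTED = str.maketrans("!@#$%^&*()", "1234567890")
POS = {ch: (r, i) for r, row in enumerate(ROWS) for i, ch in enumerate(row)}
CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]


def meets_complexity(pw, min_len=8):
    """Policy-style check: minimum length plus all four character classes."""
    return len(pw) >= min_len and all(re.search(c, pw) for c in CLASSES)


def _adjacent(a, b):
    """True if both characters sit side by side on the same keyboard row."""
    ka = POS.get(a.translate(SHIFTED).lower())
    kb = POS.get(b.translate(SHIFTED).lower())
    return bool(ka and kb and ka[0] == kb[0] and abs(ka[1] - kb[1]) == 1)


def walk_runs(pw, min_run=4):
    """Return each run of >= min_run characters typed along one keyboard row."""
    runs, start = [], 0
    for i in range(1, len(pw) + 1):
        # A run ends at the end of the string or at the first non-adjacent key.
        if i == len(pw) or not _adjacent(pw[i - 1], pw[i]):
            if i - start >= min_run:
                runs.append(pw[start:i])
            start = i
    return runs


def walk_coverage(pw, min_run=4):
    """Fraction of the password (0.0 to 1.0) that consists of walk runs."""
    return sum(len(r) for r in walk_runs(pw, min_run)) / len(pw) if pw else 0.0


def review(pw, max_walk=0.5):
    """Accept only passwords that pass the policy and are not mostly walks."""
    return meets_complexity(pw) and walk_coverage(pw) <= max_walk


if __name__ == "__main__":
    # First sample is the one quoted in the thread; the second is constructed.
    for sample in ["!@#$%12345qwertQWERT", "Maple-Rocket7!Fjord"]:
        print(sample, meets_complexity(sample), walk_runs(sample), review(sample))
```

A check of this kind belongs at password-change time, where the candidate password is available in clear text.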

Rich Rumble, Security Samurai, Commented:
First, apply the GPO to stop storing the LanMan hash:
Then force users to change their passwords. Make your minimum password 10 and add alpha and extra characters as a requirement. This will thwart most if not all Rainbow-table attacks.
Then download JohnTheRipper, or Cain & Abel from, dump your hashes from your AD (after forcing users to change their passwords) using FgDump or Pwdump6. Import them into Cain & Abel, or run them against jtr with the jumbo patch (you can find this pre-compiled on the internet) and run john.exe passwords.txt -format=NT

This however does not stop programs that "pass the hash" which require no password cracking so it doesn't matter how strong a password is. These programs however require that they gain administrator access to do so, see gsecdump + msvctl and the "pass the hash toolkit"
As an administrator of a domain, the password policy should be your responsibility. Authentication is crucial to IT security and shouldn't lie strictly upon the client's shoulders.

So, I agree with some comments above by enforcing a password policy and also disabling LMhash authentication. Creating the group policy object is easy, quick, and will allow you to concentrate on other facets of being an IT admin.

A free tool for checking passwords from Microsoft is Microsoft Baseline Security Analyzer (MBSA):