• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 729

windows network password strength test

Greetings EE Gods...

I am starting in a new company, and looking for a tool.

This tool needs to be able to run through the established logins on a domain and check to make sure the passwords are not too weak. If they are, I have to report it to their leadership so they can change to a stronger password.

This tool must also be able to test local logins on local computers.

Evan Cutler
3 Solutions
Try GFI LanGuard:


Or, just enable strong passwords and force everyone to change their password at next login.
Evan Cutler (Volunteer Chief Information Officer, Author) commented:
Well, how do I check the passwords to see if they're not just XMAS'd (i.e. !@#$%12345qwertQWERT)?

I definitely gave you the wrong link - sorry! I cross-posted to another question and swapped the answers by accident.

You need something like GFI Languard to audit the passwords.

I think you are going the wrong way.
You need to create a new password policy, enable a minimum length of, for example, 8 and a requirement for extra symbols like & and !.
Users with weak passwords will be prompted to change them the next time they log in.
Rich Rumble (Security Samurai) commented:
First, apply the GPO to stop storing the LanMan hash: http://support.microsoft.com/kb/299656
Then force users to change their passwords. Make your minimum password length 10 and add alpha and extra characters as a requirement. This will thwart most if not all rainbow-table attacks.
Then download John the Ripper, or Cain & Abel from oxid.it, and dump your hashes from your AD (after forcing users to change their passwords) using FgDump or Pwdump6. Import them into Cain & Abel, or run them against JtR with the jumbo patch (you can find this pre-compiled on the internet): run john.exe passwords.txt -format=NT

This, however, does not stop programs that "pass the hash", which require no password cracking, so it doesn't matter how strong a password is. These programs do, however, require that they first gain administrator access to do so; see gsecdump + msvctl and the "pass the hash toolkit".
As the administrator of a domain, the password policy is your responsibility. Authentication is crucial to IT security and shouldn't lie strictly on the client's shoulders.

So, I agree with some comments above about enforcing a password policy and also disabling LM hash authentication. Creating the group policy object is easy and quick, and will allow you to concentrate on other facets of being an IT admin.

A free tool for checking passwords from Microsoft is Microsoft Baseline Security Analyzer (MBSA).