Link to home
Start Free TrialLog in
Avatar of kinda-clueless
kinda-cluelessFlag for Australia

asked on

Including a specific word in an Active Directory password policy

Hi,

I have a query I was hoping someone can help with.  A recent audit on our IT environment suggested that we include the ability to reject a certain word if it was submitted as part of a domain password - does anyone know if this is able to be done?  

I argued that a strong password was security enough but was overruled by those who know better, so I need to know whether it can be done or whether I enforce the rule via a corporate policy.

Thanks
Steve
ASKER CERTIFIED SOLUTION
Avatar of Mike Kline
Mike Kline
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
You cannot do it natively with Active directory, you may find 3rd party tools out there that will but not natively.
Avatar of kinda-clueless

ASKER

Mike,

Thanks for the prompt assistance and confirmation of what I suspected the answer would be - when I front the board in February I will make sure I have the policy sorted so there is no comeback on me!

Nice tangent by the way, lets just say those that know better have no idea what is going on, but that's always the way, right?

Thanks
Steve
Thanks Demazter, I appreciate the quick answer, if it can't be done natively with Active Directory then it's not a risk I am prepared to take.

Cheers
Thanks,  you may want to look at some of the guides I listed here
http://adisfun.blogspot.com/2009/04/how-do-you-secure-ad-and-windows.html
some recommended password policy settings from some top security agencies are in those guides.  Just some ammo for the board members that will be shooting bullets at you I'm sure.
 
Thanks again Mike, I really appreciate the bullet proof vest!