Solved

Is there a password filter file to download for WIndows server 2012 R2?

Posted on 2014-10-30
6
1,393 Views
Last Modified: 2016-11-10
Hello,

As per one of the auditing reports, I am supposed to change the following registry key to include the file
EnPasFltV2x64

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\Noti
fication Packages.

The scan was performed on a test Windows 2012 R2 server.
I am unable to find this on Microsoft web site or may be there is none required for 2012. Though the report only says these are applicable to 2008 R2 servers, 2008 server etc but does not mention that it is applicable to Windows 2012 that the scan was done.

Am I missing something?

I could not find any solution to this on expert exchange too.

Please help.

The scan result is as follows:

Test Status Severity Time
Strong Password Filtering Failed 0 10/29/14 3:49
PM
Description This test verifies that strong password filtering is configured on this system. With this configu
ration, passwords must contain at least one lowercase letter, one uppercase letter, one num
ber, and one special character. Strong passwords help to protect a system from password
guessing attacks.
Rules Policy Registry Values
Element Equals (case insensitive) "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA|
Notification Packages"
Version conditions If an element version has no content, the condition should:Fail Regular expression: /\benp
asfltv2x(86|64)\b/ (Flags:Case insensitive) Notification Packages Exists

Thank you,
Lal_gs
0
Comment
Question by:lal_gs
6 Comments
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40415076
it should still work remember to uncheck password complexity
Troubleshooting
0
 

Author Comment

by:lal_gs
ID: 40421772
Hello David,

Thanks for your reply. I have gone through the article that you sent through the link. But that article does not pertain to my question.

 For windows 2012 R2 servers, can I get a EnPasFltV2x64.dll? If so, where is it available.
 The article has not addressed this part.

We are trying  to enable "strong pasword filtering" for Windows 2012 R2 server.

Appreciate your help.

Thanks,

lal_gs
0
 
LVL 48

Expert Comment

by:dbrunton
ID: 40432028
See http://iase.disa.mil/stigs/os/windows/Pages/index.aspx

Read this first http://iase.disa.mil/stigs/os/windows/Documents/u_enpasflt_readme.txt

Warning!  Take care if you are unsure about what you are doing.
0
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40433256
you can have one developed for you cheaply once you define your objectives properly.

The standard rules for password complexity are:

Passwords must contain characters from three of the following five categories:

1.    Uppercase characters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
2.    Lowercase characters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
3.    Base 10 digits (0 through 9)
4.   Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/
 5.    Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.

your pci checker requires 4 of the 5 which is even more than the DOD requirement.. If you have a DOD pki cert you can download the file from http://iase.disa.mil/stigs/os/windows/Pages/index.aspx
0
 

Expert Comment

by:Rick Baks
ID: 41881942
You might want to check out the product ActivePasswords. KISS and small, but very customizable!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now