Exclude commonly used passwords from 2016 domain

Password filters policies.
Hi, I'm just setting up a domain on win srv 2016 and I'm assigning a new password policy where I want to exclude certain passwords (well-known dictionary passwords).
So I came across a setup with a dll file for this purpose.
Is there any dll template which I can use and which will include most known passwords?
wannabecraig Asked:
 
wannabecraig Author Commented:
I've checked the solution but it is quite pricey so I've downloaded https://github.com/jephthai/OpenPasswordFilter/raw/master/OPF-alpha.zip
And I've used the following instructions:

 1. Copy `OpenPasswordFilter.dll` to `%WINDIR%\System32`
 2. Configure the `HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages` registry key with the DLL name

and have got an error here:
sc create OPF binPath= c:\opf\opfservice.exe start= boot

so I've tried to create it without the "start=boot" switch, which has worked, and the service is in my services list.
When I try to start it manually the following error appears:

"The opf service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs"
0
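
A read-only way to verify the two installation steps and the service state described in the post above, as an added example that is not part of the original thread or of the OpenPasswordFilter project. It assumes the service name `OPF` from the `sc create` command and an elevated PowerShell session on the domain controller; unsigned or missing entries in the report are the ones to review.

```powershell
# Added example: read-only audit of LSA password-filter registration on a DC.
# Assumption: service name "OPF" as used in the sc create command in the post.
$lsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$sys32   = Join-Path $env:WINDIR 'System32'
$service = 'OPF'

# "Notification Packages" is a REG_MULTI_SZ; each entry is a DLL base name
# (no ".dll" suffix) that LSA loads from System32.
$packages = @((Get-ItemProperty -Path $lsaKey -Name 'Notification Packages').'Notification Packages')

$report = foreach ($name in ($packages | Where-Object { $_ })) {
    $dll     = Join-Path $sys32 "$name.dll"
    $present = Test-Path -LiteralPath $dll
    [pscustomobject]@{
        Package   = $name
        Present   = $present
        # Signature status and hash let you tell vendor DLLs from third-party
        # filters and compare the file against the copy you tested.
        Signature = if ($present) { (Get-AuthenticodeSignature -LiteralPath $dll).Status } else { 'n/a' }
        SHA256    = if ($present) { (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash } else { 'n/a' }
    }
}
$report | Format-Table -AutoSize

# Service registration: start mode, binary path and last exit code.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$service'"
if ($svc) {
    $svc | Select-Object Name, State, StartMode, PathName, ExitCode | Format-List
} else {
    Write-Warning "Service '$service' is not registered."
}

# Recent Service Control Manager errors/warnings that mention the service.
Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Service Control Manager'; Level = 2, 3
    } -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($service) } |
    Select-Object TimeCreated, Id, Message -First 10 |
    Format-List
```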
 
McKnife Commented:
General advice: be very, very careful with this since a false move can literally wreck your whole domain - changes might be irreversible!
--
3rd party tools or freeware are often not fully compatible and should be tested thoroughly in a test domain of the same domain level.
I can recommend a commercial tool that we use with server 2016 AD which is very flexible and doesn't cost much: https://anixis.com/products/ppe/
It can do what you want.
0
 
McKnife Commented:
What's New: https://www.anixis.com/products/ppe/new.htm
Download: https://www.anixis.com/products/ppe/download.htm
Administrator's Guide: https://www.anixis.com/doc/ppe900ag/index.html
Download 320 million password hashes: https://haveibeenpwned.com/Passwords
-----
It can even enforce a deny on 320 million known, leaked passwords
0
 
McKnife Commented:
You would like to use an ALPHA software on your productive domain? Well... that is highly risky. Don't.
Is it even said to be compatible with your server version?
0
 
wannabecraig Author Commented:
This is mostly a test environment at this stage until all is tested.
I know there is a way to modify the dll file so that it reads a CSV file with passwords.
I've checked anixis and the price is around 1500$, which is significant.
0
 
McKnife Commented:
Putting a domain at risk with a software that might wreck it completely, is significant, too.
I used such a pw dll solution once with the result that I couldn't change any password any more - changes were irreversible, the whole domain was junk. It was a test domain. Be very careful.

For how many users, by the way, and what is your planned budget?
0
 
McKnife Commented:
Could you please add how you made it work and as well add what server version your domain controller has?
0
 
wannabecraig Author Commented:
worked
0
Question has a verified solution.
