Exclude commonly used passwords from 2016 domain

Password filters policies.
Hi I'm just setting up a domain on win srv 2016 and I'm assigning a new password policy where I want to exclude certain passwords (well know dictionary passwords).
So I came across a set up of dll file for this purpose.
Is there any dll template which I can use and will include most knew passwords ?
LVL 1
wannabecraigAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

McKnifeCommented:
General advice: be very, very careful with this since a false move can literally wreck your whole domain - changes might be irreversible!
--
3rd party tools or freeware are often not fully compatbile and should be tested thoroughly in a test domain of the same domain level.
I can recommend a commercial tool that we use with server 2016 AD which is very flexible and doesn't cost much: https://anixis.com/products/ppe/
It can do what you want.
0
McKnifeCommented:
What's New: https://www.anixis.com/products/ppe/new.htm
Download: https://www.anixis.com/products/ppe/download.htm
Administrator's Guide: https://www.anixis.com/doc/ppe900ag/index.html
Download 320 million password hashes: https://haveibeenpwned.com/Passwords
-----
It can even enforce a deny on 320 million known, leaked passwords
0
wannabecraigAuthor Commented:
I've checked the sollution but it is quite pricey so I've downloaded  https://github.com/jephthai/OpenPasswordFilter/raw/master/OPF-alpha.zip
And I've used following instructions:

 1. Copy `OpenPasswordFilter.dll` to `%WINDIR%\System32`
 2. Configure the `HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages` registry key with the DLL name

and have got error here
sc create OPF binPath= c:\opf\opfservice.exe start= boot

so I've tried to create it without "start=boot" switch which has worked and the service is in my services list
When I try to strat it manually the following error appears

"The opf service on Local Computer started and then stopped. Some services stop automatically if they are  not in use by other services or programs"
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

McKnifeCommented:
You would like to use an ALPHA software on your productive domain? Well... that is highly risky. Don't.
Is it even said to be compatible with your server version?
0
wannabecraigAuthor Commented:
This is mostly test environment at this stage until all is tested.
I know there is a way how to modify dll file such it reads CSV file with passwords.
I've checked anixis and the price is around 1500$ which is significant
0
McKnifeCommented:
Putting a domain at risk with a software that might wreck it completely, is significant, too.
I used such a pw dll solution once with the result that I couldn't change any password any more - changes were irreversible, the whole domain was junk. It was a test domain. Be very careful.

For how many users, by the way and what is your planned budget?
0
McKnifeCommented:
Could you please add how you made it work and as well add what server version your domain controller has?
0
wannabecraigAuthor Commented:
worked
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2016

From novice to tech pro — start learning today.