Special Operations Software Releases Next Generation of Password Policy Security for Microsoft Windows Server 2003

Specops Password Policy 2.0 introduces multiple password policies with delegated administration within an Active Directory domain

Stockholm, Sweden, Jan. 16, 2007 -- Special Operations Software announced the release of Specops Password Policy 2.0, the next generation of Windows Password Policy.

Specops Password Policy 2.0 is a password policy system based on the Group Policy technology in Active Directory and enhances the built-in password policy of Windows. Specops Password Policy 2.0 provides 20 different settings from which to choose when configuring a password policy.

Currently in Active Directory, the built-in password policy must be configured on the domain level, in the Default Domain policy or similar. Consequently. there can be only one password policy throughout the domain and it can only be configured by a domain administrator. Specops Password Policy is truly Group Policy-based and can consequently be configured in any number of group policies. This has several advantages:

  • There can be more than one password policy in Active Directory affecting different users. For example, a strong password policy can be configured for administrators and a more forgiving password policy for normal users.

  • The password policy configuration can be delegated. In a large Active Directory environment, administrators on different levels can configure the password policy without needing domain-level permissions.

  • Familiar Group Policy targeting mechanisms such as security group filtering, enforcing and blocking will affect the password polices.

  • Configuring the password policies mimics the configuration of other security settings since most security settings are Group Policy based as well.

New Features Specops Password Policy 2.0 adds many additional password features and requirements:

  • Disallowing words from specified dictionaries in the passwords.

  • Disallowing incremental passwords, for example changing from password1 to password2, would be prohibited.

  • E-mail notification when the password is about to expire. This is an important feature for users who do not normally log in interactively (for example, via Outlook Web Access). From such applications the password cannot be changed after it has expired. The e-mail notification can be used to inform the users ahead of time that they need to change the password. This feature will help in minimize expired password support calls.

  • Maximum length requirement on passwords. This feature is useful for environments where the same password is used to access multiple systems (i.e., main frame systems) and the maximum password length may be limited.

  • Multiple password age policies.

  • Multiple password history policies.

Specops Password Policy 2.0 is fully scriptable. All administrative tasks can be automated through .NET programming or Windows PowerShell scripting. Specops Password Policy 2.0 includes a custom Windows PowerShell cmdlet.

About Special Operations Software

Special Operations Software, http://www.specopssoft.com, produces Group Policy-based Systems Management and Security software.

Must Read Articles