How To Enforce Password Policies In Active Directory

Managing and enforcing password policies in Active Directory ensures that passwords are strong and changed in accordance with the rules of the organisation. These rules also specify how frequently a password must change to safeguard against an attacker cracking the password. Vendors have identified that the Active Directory management tools supplied by Microsoft are cumbersome. This problem has resulted in the development of third party applications that simplify Active Directory administration.

Introduction

Tools supplied by Microsoft to administer Active Directory are complex and challenging to use. Fortunately, third party vendors have come to the rescue with utilities that plug into Active Directory, making administration far easier and less time consuming. In this article, we look at Password Policy Guardian from Namescape (Namescape, 2015).

Password Policy Guardian

Password Policy Guardian introduces simplicity to the administration of Active Directory. Along with this simplicity, Namescape included powerful features addressing the major administration time wasters. This has all been done in a single stylish interface. Some of the impressive features available have been listed below.

–   Enforce password policies whenever a user changes their password.
–   Configurable policy settings let you specify more complex password filter rules than those supplied by Microsoft.
–   Flexibility to apply policies to locations, groups and individual users.
–   Ability to view and test policy settings for a user.
–   A restricted word list is included. Words can be added to the word list by importing a delimited text file.

Combining myPassword and Password Policy Guardian

myPassword and rDirectory from Namescape can also be implemented together with Password Policy Guardian. Users will instantly receive an explanation of why a password does not meet the organisation's complexity policies, without Help Desk assistance, saving time and resulting in a faster ROI.

Active Directory Account Policies

Account policies consist of a set of rules governing the three primary account authentication features: password configuration, account lockout, and Kerberos authentication. These features are described as follows:

Password Policy
Used for local user accounts. It determines the enforcement and lifetime settings of the password.

Account Lockout Policy
Used for local accounts. It determines who will be locked out of the system, and when.

Kerberos Policy
This is the primary authentication mechanism used in the Active Directory domain. (Microsoft TechNet)

Conclusion

The default settings provided in Password Policy Guardian strengthen the organisation's network security with tighter user authentication, making it harder for attackers to crack the passwords. Password Policy Guardian is also easier to use than the administration tools supplied by Microsoft; the learning curve is not as rigorous, resulting in a faster ROI.

References

Microsoft, 2016. Available: Technet [June 2016] https://technet.microsoft.com/en-us/library/dd277398.aspx

Namescape, 2015. Available: Password Policy Guardian [June 2016] http://www.namescape.com/passwordpolicyguardian
