Since passwords are the primary authentication method in Active Directory, strong password policies are essential. Specops Password Policy, SPP, is a password policy enforcer. A severe disadvantage with the built in password policy is that there can only be one policy per domain affecting all the user accounts.
SPP overcomes this restriction by allowing you to specify multiple password policies. SPP is based on Group Policy technology, which means that it can be configured in any number of group policies within Active Directory.
SPP offers granular password complexity requirements when specifying the rules for a password policy. One such rule is the ability to define lists containing words restricted for use in passwords. SPP helps your organization to be password policy compliant.
Additional features include special behavior when administrators reset lost passwords. A password policy can be configured not to apply when the password is reset, as well as automatically unlocking accounts and requiring the user to change the password at the next logon. This lowers the burden for administrators when resetting lost passwords.
- Set any combination of password restrictions: lower case, upper case, digits, special characters
- Disallow user names in passwords, disallow words from word lists, etc
- Minimum password length
- Maximum password length
- Extended password complexity
- Password reset rules
- Different password expiration rules, commonly called password age, on each policy
- 11 languages supported in the end user password change dialog.
- Graphical Password Complexity meter
- Password History
- Dissallow consecutive characters in password
- Dissallow incremental passwords
- Disable account lockout
- Automatically send password expiration e-mail
- Group Policy delegated security model
- Supports automation through Windows PowerShell or .NET
- Support for 64-bit Domain Controllers
- Support for Windows 2008 Server
- Support for Remote Server Administration Tools (RSAT)
- Integration with Specops Password Reset
- Additional password policy requirements; Regular expressions; Disallow backward words in wordlist; Disallow digit as last character
- password expiration warning e-mail settings; Configurable sender; Exclude password policy requirements