Windows Password Filters
Do you have password requirements that is your windows accounts must follow? What is the requirements do not fall in Microsoft's password requirement policies? You can create your own filter to require custom rules.
Uses for Password Filters
One example of why you would want to use a password filter would to match the password to a database of known bad passwords and deny allowing your customer using that password.
Obtaining a Password Filter
You are able to create your own filter or find a precompiled filter that matches your requirements. We will be using OpenPasswordFilter from https://github.com/brockrob/OpenPasswordFilter.
Installing the Password Filter
There is an installer but we will be installing just the service and dll. First launch and compile the OpenPasswordFilter. Copy the DLL into C:\Windows\System32.
Register Password Filter
Launch Registry Editor and navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa and add OpenPasswordFilter to Notification Pages.
Installing the Service
Compile and copy the OPFService to a directory on the target machine. Such as C:\Services. Launch command prompt as administrator. Type the following command and set the service to launch at boot.
sc create OPF binpath= C:\services\opfservice.exe
You need to restart your PC for windows to load the password filter. You can now test. The password filter that we used logs events in the event viewer.
If you run the service as a console application in debug mode you can see it checking the password against the service you decide to have it detect against. If it finds a match it fails and the password will not be changed as it will not meet the complexity requirements.