Password Policy Enforcer Administrator's Guide

<?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" /> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta name="keywords" content="password policy enforcer anixis windows password policy passfilt password filter Testing Policies" /> <meta name="description" content="Password Policy Enforcer Testing Policies." /> <title>Password Policy Enforcer Testing Policies</title> <link rel="StyleSheet" href="document.css" type="text/css" media="all" /> <link rel="StyleSheet" href="catalog.css" type="text/css" media="all" /> <link rel="first" title="First" href="TOC.html" /> <link rel="last" title="Last" href="License_Agreement.html" /> <link rel="previous" title="Previous" href="Passphrases.html" /> <link rel="next" title="Next" href="PPE_Rules.html" /> </head> <body> <table id="SummaryNotReq1" width="220" border="0" align="right" cellpadding="0" cellspacing="0"> <tr> <td align="right"> <a accesskey="4" href="Passphrases.html"><img id="LongDescNotReq1" src="images/prev.gif" border="0" alt="Previous" /></a><a accesskey="5" href="PPE_Rules.html"><img id="LongDescNotReq2" src="images/next.gif" border="0" alt="Next" /></a><br /><br /> <span><a href="http://www.anixis.com/" style="font-family: Arial, Verdana, Helvetica, sans-serif; font-weight: bold; color: #007577;" target="_top">ANIXIS Web Site</a></span> </td> </tr> </table> <p> <a href="http://www.anixis.com/products/ppe/" target="_top"><img id="LongDescNotReq3" src="images/logo.gif" width="174" height="46" border="0" alt="Password Policy Enforcer" /></a> </p> <hr align="left" /> <blockquote> <a name="wp9000504"> </a><h2 class="pHeading2"> Testing Policies </h2> <a name="wp9000505"> </a><p class="pBody"> You can quickly test your PPE configuration by simulating a password change from the PPE management console. To test your PPE configuration: </p> <div class="pSmartList1"><ol type="1" class="pSmartList1"> <a name="wp9000506"> </a><div class="pSmartList1"><li>Click the <span style="font-weight: bold">Policies</span> item to display the <a href="Management_Console_Views.html#wp9000343">Policies view</a>.</li></div> <a name="wp9000507"> </a><div class="pSmartList1"><li>Click <span style="font-weight: bold">Test Policies</span> in the right pane of the management console.</li></div> <a name="wp9000508"> </a><p class="pBodyRelative"> <img src="images/Password_Policy_Enforcer_40.jpg" height="336" width="255" id="wp3000031" border="0" hspace="0" vspace="0"/> </p> <a name="wp9000509"> </a><div class="pSmartList1"><li>Type a user name in the <span style="font-weight: bold">User name</span> text box, and a password in the <span style="font-weight: bold">Old Password</span> and <span style="font-weight: bold">New Password</span> text boxes.</li></div> <a name="wp9000510"> </a><div class="pSmartList1"><li>Click <span style="font-weight: bold">Test</span>.</li></div> </ol></div> <hr width="100%" align="left" size="1" /> <table width="95%" border="0" cellspacing="0"> <tr> <td width="50" valign="top"> <img src="images/information.gif" width="32" height="32" /> </td> <td> <a name="wp9000511"> </a><p class="pInformation"> Clicking <span style="font-weight: bold">Test</span> simulates a password change, but it does not change the user's password.<br /><br />The PPE management console automatically tests passwords as you type. If you have a slow network connection, then deselect the <span style="font-weight: bold">Test passwords as I type</span> check box to disable automatic testing. </p> </td> </tr> </table> <hr width="100%" align="left" size="1" /> <a name="wp9000512"> </a><p class="pBody"> The PPE management console displays "Accepted" beside the <span style="font-weight: bold">New Password</span> text box if the new password complies with the PPE password policy, or "Rejected" if it does not comply. Detailed test results appear in the results panel below the <span style="font-weight: bold">New Password</span> text box. </p> <a name="wp9000513"> </a><p class="pBody"> Click the <span style="font-weight: bold">Results</span> tab to view the test results for each rule. The check boxes show which rules the new password complied with, and which rules it did not comply with. </p> <a name="wp9000514"> </a><p class="pBodyRelative"> </p> <div align="left"> <table cellpadding="2" cellspacing="0" id="wp9000003table4000002"> <caption></caption> <tr align="left" valign="top"> <td><a name="wp9000003"> </a><div class="pCellBody"> <img src="images/Password_Policy_Enforcer_03.jpg" height="19" width="86" id="wp3000032" border="0" hspace="0" vspace="0"/>      </div> </td> <td><a name="wp9000004"> </a><div class="pCellBody"> Rule disabled, or not tested. </div> </td> </tr> <tr align="left" valign="top"> <td><a name="wp9000005"> </a><div class="pCellBody"> <img src="images/Password_Policy_Enforcer_04.jpg" height="19" width="86" id="wp3000033" border="0" hspace="0" vspace="0"/>      </div> </td> <td><a name="wp9000006"> </a><div class="pCellBody"> Rule enabled, password complies with rule. </div> </td> </tr> <tr align="left" valign="top"> <td><a name="wp9000007"> </a><div class="pCellBody"> <img src="images/Password_Policy_Enforcer_05.jpg" height="19" width="86" id="wp3000034" border="0" hspace="0" vspace="0"/>      </div> </td> <td><a name="wp9000008"> </a><div class="pCellBody"> Rule enabled, password does not comply with rule. </div> </td> </tr> </table> </div> <p class="pBodyRelative"> </p> <a name="wp9000515"> </a><p class="pBody"> Click the <span style="font-weight: bold">Log</span> tab to view PPE's internal event log. The event log contains valuable troubleshooting information that helps you to understand why PPE accepted or rejected a password. For example, you can use the event log to determine which: </p> <div class="pSmartList1"><ul class="pSmartList1"> <a name="wp9000516"> </a><div class="pSmartList1"><li>Domain controller the configuration was read from.</li></div> <a name="wp9000517"> </a><div class="pSmartList1"><li>Policy was <a href="Assigning_Policies_to_Users.html">assigned</a> to the user, and <a href="Policy_Selection_Flowchart.html">why</a>.</li></div> <a name="wp9000518"> </a><div class="pSmartList1"><li><a href="Dictionary_Rule.html">Dictionary</a> word or <a href="Keyboard_Pattern_Rule.html">keyboard pattern</a> matched with the password.</li></div> <a name="wp9000519"> </a><div class="pSmartList1"><li>Errors or warnings occurred during processing.</li></div> <a name="wp9000520"> </a><p class="pBodyRelative"> <img src="images/Password_Policy_Enforcer_41.jpg" height="139" width="260" id="wp3000035" border="0" hspace="0" vspace="0"/> </p> </ul></div> <hr width="100%" align="left" size="1" /> <table width="95%" border="0" cellspacing="0"> <tr> <td width="50" valign="top"> <img src="images/information.gif" width="32" height="32" /> </td> <td> <a name="wp9000521"> </a><p class="pInformation"> If a log message is truncated because it is too wide, move the mouse cursor over it to display the entire message. </p> </td> </tr> </table> <hr width="100%" align="left" size="1" /> <a name="wp9000522"> </a><h4 class="pHeading4"> Policy Testing vs. Password Changes </h4> <a name="wp9000523"> </a><p class="pBody"> Policy testing simulates a password change, but it may not always reflect what happens when a user changes their password. A password change may yield different results to a policy test because: </p> <div class="pSmartList1"><ul class="pSmartList1"> <a name="wp9000524"> </a><div class="pSmartList1"><li>Policy testing does not simulate the Windows password policy rules. If the Windows password rules are enabled, then Windows may reject a password even though it complies with all the PPE rules.</li></div> <a name="wp9000525"> </a><div class="pSmartList1"><li>Policy testing does not enforce the <a href="Minimum_Age_Rule.html">Minimum Age rule</a>.</li></div> <a name="wp9000526"> </a><div class="pSmartList1"><li>Policy testing does not enforce the <a href="History_Rule.html">History rule</a>.</li></div> <a name="wp9000527"> </a><div class="pSmartList1"><li>Policy testing enforces the password policy even if PPE or the <a href="Assigning_Policies_to_Users.html">assigned policy</a> is disabled. This allows you to test your configuration before enabling PPE, or a new password policy.</li></div> <a name="wp9000528"> </a><div class="pSmartList1"><li>Policy testing occurs on the computer that the management console is running on. If the management console is running on a workstation, then it may not find the <a href="Dictionary_Rule.html">dictionary</a> file on the local computer, or the local dictionary file may be different to the one on the domain controllers. Copy the dictionary file onto the local computer (in the same path) to avoid this problem.</li></div> <a name="wp9000529"> </a><div class="pSmartList1"><li>The management console reads the PPE configuration from the domain controller that it is <a href="Connecting_to_a_Domain_Controller.html">connected to</a>. If the PPE configuration was modified recently, then Active Directory may still be propagating the new configuration to the other domain controllers.</li></div> </ul></div> </blockquote> <hr /> <table id="SummaryNotReq2" align="right" border="0" cellspacing="0" cellpadding="0"> <tr> <td align="right"> <span style="font-family: Arial, Verdana, Helvetica, sans-serif; font-size: 11px"> © Copyright 1998 - 2011 <a href="http://www.anixis.com/" target="_top">ANIXIS</a>.<br />All rights reserved. </span> </td> </tr> </table> <table id="SummaryNotReq3" width="220" border="0" cellpadding="0" cellspacing="0"> <tr> <td> <a accesskey="4" href="Passphrases.html"><img id="LongDescNotReq4" src="images/prev.gif" border="0" alt="Previous" /></a><a accesskey="5" href="PPE_Rules.html"><img id="LongDescNotReq5" src="images/next.gif" border="0" alt="Next" /></a> </td> </tr> </table> </body> </html>