Password Policy Enforcer

What's new in PPE V8.0

Password Policy Server

  • Now compatible with Windows 10.
  • Uses a new communications library with better performance and more options.
  • Added a configuration value to control the maximum transmit time for the Password Policy Server.
  • Modified the default rule inserts to fit the space available on Windows 10.

Password Policy Client

  • Now compatible with Windows 10.
  • Hides non-essential user interface elements on the Windows 10 Change Password screen to increase the space available for the Password Policy message.
  • Displays the Password Policy message in a message box on Windows 10 computers with small screens. The Password Policy message box can also be shown on larger screens by changing the default display settings.
  • Replaces the leading minus sign in the Password Policy and Rejection Reason messages with a bullet character on Windows Vista and later.
  • Uses a new communications library with better performance and more options.
  • Improved compatibility with third-party credential providers.
  • Added a parameter to the Client API to differentiate between password changes and password resets.

Management Console

  • Improved warning messages relating to the enforcement of the default policy when there are no other policy assignments.

What's new in PPE V7.6

Password Policy Server and Client

  • Now compatible with Windows 8.1 and Server 2012 R2.

What's new in PPE V7.5

Password Policy Server

  • Added support for local password policies. Local password policies can be enforced on standalone and domain member computers (servers and workstations).
  • Improved performance of the configuration cache.
  • Does not enforce a password policy for the krbtgt account (KB2549833).

Password Policy Client

  • Added support for local password policies.
  • Improved performance on Windows 8 and Server 2012.
  • Improved compatibility with third-party credential providers.

Installer & QuickStart Wizard

  • The QuickStart Wizard Express Setup option now allows you to choose which component(s) to install.

What's new in PPE V7.0

Password Policy Rules

  • The Maximum Age rule can delay the expiry of passwords that exceed a certain length to encourage the use of longer passwords.
  • A new Character Pattern rule detects patterns like abcde and 12345.
  • A new Repeating Pattern rule detects passwords like Passw0rdPassw0rd and P@ssw0rdPassword. This stops users from using repetition to increase the length of a short password.
  • A second Dictionary rule has been added to allow for more flexible detection of dictionary words. The second rule can be used with different settings, and it can remain enabled if the first Dictionary rule is disabled for passphrases. This can be used to relax requirements for passphrases without totally disabling dictionary checking.
  • A new Custom Character rule without a predefined character set allows custom character sets to be used without overwriting one of the default character sets.

Password Policy Server

Password Policy Client

  • Now compatible with Windows 8 and Windows Server 2012.
  • Improved compatibility with third-party credential providers.
  • Displays a diagnostic message if the Password Policy Server does not respond to a request. This is likely to happen if a domain controller is not running PPE, or if a firewall is blocking access to the PPS port.

Management Console

Mailer Service

Installer & QuickStart Wizard

  • The PPE Client installer now attempts to complete the installation without restarting Windows on Windows Vista and later.
  • The QuickStart Wizard now displays a warning message if run on an unsupported Windows version.

New in PPE V6.0

Password Policy Rules

  • A new History rule similar to the Windows history rule. PPE's History rule can enforce different history requirements for each PPE policy. This rule can stop password reuse for a specified number of days, or a specified number of password changes.
  • The Maximum Age rule has been redesigned to reduce the likelihood of a user being allowed to logon on the day their password expires, and then being denied access to some network resources some time after logon.

Password Policy Server

  • Now compatible with Windows Server 2008 R2.
  • PPE can disable some rules when a user enters a passphrase (long password). This allows you to enforce a complex password policy while still encouraging users to use passphrases.

Password Policy Client

  • Now compatible with Windows 7 (x86 and x64 editions) as well as Windows Server 2008 R2.
  • The PPE Client API is now included with the Password Policy Client. Send an e-mail to support@anixis.com if you would like to enforce PPE's password policies from your own applications.

Management Console

Mailer Service

  • The PPE Mailer reminds users to change their password by sending them e-mail reminders before their password's expiry date.

New in PPE V5.0

Password Policy Rules

  • A new Minimum Age rule similar to the Windows minimum password age rule. PPE's Minimum Age rule allows you to enforce a different minimum password age for each PPE policy.
  • A new Maximum Age rule similar to the Windows maximum password age rule. PPE's Maximum Age rule allows you to enforce a different maximum password age for each PPE policy. This rule has six operating modes to permit gradual expiration of existing passwords, allowing the helpdesk to better deal with any increase in calls arising from the new policy.
  • A new Keyboard Pattern rule rejects passwords that contain keyboard patterns such as qwerty. This rule has several advanced detection options, including a choice of keyboard layouts.
  • A new First Character rule rejects passwords that do not begin with a character from an approved character set.
  • A new Last Character rule rejects passwords that do not end with a character from an approved character set.
  • A new Repeating Characters rule rejects passwords that contain excessive character repetition.
  • The User Logon Name, User Display Name, and Similarity rules now have an automatic tolerance option to automatically set an appropriate tolerance during every password change.

Password Policy Client

  • Now compatible with Windows Vista, including x64 editions.
  • Improved support for user principal names [user@domain.com] and down-level logon names [DOMAIN\user].
  • Automatically closes the Rejection Reason message when the Change Password dialog times out on Windows 2000, XP, and 2003.
  • Improved handling of local account password changes.

Management Console

New in PPE V4.5

  • Compatible with Windows x64 Editions. Both x86 and x64 versions of the Password Policy Server and Client are included. The PPE Installation Wizard automatically installs the correct version.
  • A new QuickStart Wizard to help administrators install PPE.
  • Uses the new "secure" Visual C++ 2005 run-time library routines to further protect against buffer overflows.
  • Improved handling of DNS domain names and UPN usernames by the Password Policy Client.

New in PPE V4.0

Management Console

  • Stores configuration in Active Directory, and automatically replicates it to all domain controllers (without modifying AD schema).
  • Test policies page to test password policies and see how PPE analyzes passwords. You can see which policy is enforced, results from each rule, and an event log for troubleshooting.
  • Uses Microsoft Object Picker dialog for selecting users and groups.
  • Stores user and group assignments by SID instead of account name, so renaming users or groups will not break policy assignments.
  • True remote configuration from Windows 2000 and XP.
  • Context sensitive online help.
  • Simplified user interface.
  • Accepts Unicode characters.

Password Policy Server

  • Can assign password policies to Active Directory containers (OUs).
  • Correctly handles Active Directory group nesting.
  • Does not require a partner DC for group lookups.
  • Disable and enable PPE without restarting domain controllers.
  • Disable and enable policies without restarting domain controllers.
  • Default policy is optional and independent of policy priority.
  • Improved Character Substitution Table.
  • Improved logging.
  • Uses Microsoft StrSafe library to protect against buffer overflows, and SecureZeroMemory instead of ZeroMemory.
  • More secure implementation of password change notification.
  • New option to simplify Dictionary rule.
  • Installs automatically onto domain controllers using Group Policy.

Password Policy Client

  • Does not install a GINA DLL.
  • Self-configuring, does not require a client configuration file.
  • Displays password policy on the Change Password dialog, so users can see the policy as they choose their password.
  • Displays policy messages in 31 languages.
  • Does not require a client dictionary file.
  • Displays password history rule in policy message (English only).