GithubHelp home page GithubHelp logo

00mjk / ad-password-protection Goto Github PK

View Code? Open in Web Editor NEW

This project forked from lithnet/ad-password-protection

1.0 0.0 0.0 570 KB

Active Directory password filter featuring breached password checking and custom complexity rules

License: MIT License

C++ 39.94% C 3.47% C# 55.58% PowerShell 1.01%

ad-password-protection's Introduction

Read the getting started blog post series

Lithnet Password Protection for Active Directory (LPP) enhances the options available to an organization wanting to ensure that all their Active Directory accounts have strong passwords.

LPP is a module that you install on your Active Directory servers that uses a password filter to inspect passwords as users attempt to change them. Using group policy, you customize the types of checks you want to perform on those passwords and they are either rejected, or approved, and committed to the directory.

LPP gives you the ability to take control of what a good password means to you. Whether you want to adopt the 2018 NIST password recommendations in part, or in full, it provides a rich set of group policy-based controls that allow you to enable any combination of the following checks on attempted password changes.

  • Block compromised passwords from being used. We've made it super easy to import the HIBP data set, but you can also import any plain-text passwords or NTLM hashes that you can get your hands on.
  • Block passwords based on certain words. Adding a banned word prevents it from being used as the base of a password. For example, adding the word 'password' to the banned word store, prevents not only the use of that word itself, but common variants such as 'P@ssw0rd', 'pa55word!' and 'password123456!'. LPP is aware of common character substitutions and weak obfuscations and prevents their use through a normalization process.
  • Define complexity policies based on length. For example, you can require number, symbol, upper and lower for passwords less than 13 characters, but have no special requirements for passwords 13 characters or longer. Reward length, with less complexity.
  • Regular expression-based policies. If regular expressions are your thing, you can define a regular expression that the password must match (or not match).
  • Points-based complexity. Assign points for the use of certain characters and categories and set a minimum point threshold a password must meet.

It also includes the ability to audit your users' existing passwords against the compromised password list. You'll be able to find the weak and known compromised passwords, and force those users to change their password.

Additional features

  • Full PowerShell support which is used to;
    • Manage the compromised password and banned word stores. Add your own banned words and compromised passwords, as well as use popular databases such as the haveibeenpwned.com downloadable password list
    • Test passwords and existing hashes against the compromised store
    • Check to see if your user's current passwords in AD are found in the compromised password store
  • Passwords never leave the domain controller
  • Designed for large environments where high performance is required
  • Creates detailed event logs
  • Uses a DFS-R friendly data store
  • No internet access required
  • No additional servers required for deployment
  • Group policy support

System Requirements

LPP is only supported on x64 editions of Windows

Password Filter

  • Windows Server 2008 R2 or higher
  • Microsoft Visual C++ Runtime 14 (2017)

PowerShell module

  • .NET Framework 4.6
  • PowerShell 5
  • Microsoft Visual C++ Runtime 14 (2017)

Getting started

Download the installer from the releases page

Read the getting started guide or visit the wiki for the full set of documentation.

How can I contribute to the project?

  • Found an issue and want us to fix it? Log it
  • Want to fix an issue yourself or add functionality? Clone the project and submit a pull request

Enteprise support

Lithnet offer enterprise support plans for our open-source products. Deploy our tools with confidence that you have the backing of the dedicated Lithnet support team if you run into any issues, have questions, or need advice. Reach out to [email protected], let us know the number of users you are protecting with LPP, and we'll put together a quote.

Keep up to date

Acknowledgements

ad-password-protection's People

Contributors

dependabot[bot] avatar ryannewington avatar

Stargazers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.