Lithnet Password Protection for AD
Request a quote for supportDownloads
v1.1
v1.1
  • Home
    • About Lithnet Password Protection
  • Setup
    • Getting started
    • Downloads
    • Setup requirements
    • Installation
    • Creating a new store
    • Load compromised passwords into the store
    • Configure group policy
    • Testing the password filter
  • Auditing
    • Audit existing passwords
  • Help & Support
    • Testing the password filter
    • Troubleshooting steps
    • Frequently asked questions
    • Getting support
    • Change log
  • Advanced Help
    • Powershell reference
      • Add-BannedWord
      • Add-CompromisedPassword
      • Get-PasswordFilterConfig
      • Get-PasswordFilterPolicy
      • Get-PasswordFilterResult
      • Import-BannedWordHashes
      • Import-BannedWords
      • Import-CompromisedPasswordHashes
      • Import-CompromisedPasswords
      • Open-Store
      • Remove-BannedWord
      • Remove-CompromisedPassword
      • Set-PasswordFilterConfig
      • Sync-HashesFromHibp
      • Test-IsADUserPasswordCompromised
      • Test-IsBannedWord
      • Test-IsCompromisedPassword
    • Normalization Rules
    • Event logging and reporting
    • Configuring a length based complexity policy
    • Configuring a points based complexity policy
    • Understanding the store
Powered by GitBook
On this page
  • The group policy settings do not appear when I open the group policy editor
  • Password changes are not being rejected as expected
  • Passwords are being rejected, but no event log from LPP is present
  1. Help & Support

Troubleshooting steps

PreviousAudit existing passwordsNextFrequently asked questions

Last updated 2 years ago

The group policy settings do not appear when I open the group policy editor

If you have installed the group policy templates on the computer, but they do not appear under Computer Configuration\Policies\Administrative Templates\Lithnet\Password Filter when you open the group policy editor, then your domain is likely using a .

See the steps in for instructions on how to copy the group policy template files to the central policy store.

Password changes are not being rejected as expected

If the password change was not blocked as expected, run the and cmdlets on the server that processed the password change, and ensure the correct configuration and policy is applied.

Passwords are being rejected, but no event log from LPP is present

If the password was rejected, but there was no event log entry from LithnetPasswordProtection explaining the reason for the password change, there are two likely reasons for this

  1. It may be because another password filter, or Windows itself rejected the password. If you use the built-in Windows password policy, those settings are always processed before LPP can review the password. In this case, LPP will never see the password to evaluate it.

  2. The event log from LithnetPasswordProtection will only appear on the server that processed the password change. This could be any writable domain controller in the domain. Ensure that you check all domain controllers for the event log entry.

central policy store
configuring the group policy
Get-PasswordFilterConfig
Get-PasswordFilterPolicy