Lithnet Password Protection for AD
Request a quote for supportDownloads
v1.1
v1.1
  • Home
    • About Lithnet Password Protection
  • Setup
    • Getting started
    • Downloads
    • Setup requirements
    • Installation
    • Creating a new store
    • Load compromised passwords into the store
    • Configure group policy
    • Testing the password filter
  • Auditing
    • Audit existing passwords
  • Help & Support
    • Testing the password filter
    • Troubleshooting steps
    • Frequently asked questions
    • Getting support
    • Change log
  • Advanced Help
    • Powershell reference
      • Add-BannedWord
      • Add-CompromisedPassword
      • Get-PasswordFilterConfig
      • Get-PasswordFilterPolicy
      • Get-PasswordFilterResult
      • Import-BannedWordHashes
      • Import-BannedWords
      • Import-CompromisedPasswordHashes
      • Import-CompromisedPasswords
      • Open-Store
      • Remove-BannedWord
      • Remove-CompromisedPassword
      • Set-PasswordFilterConfig
      • Sync-HashesFromHibp
      • Test-IsADUserPasswordCompromised
      • Test-IsBannedWord
      • Test-IsCompromisedPassword
    • Normalization Rules
    • Event logging and reporting
    • Configuring a length based complexity policy
    • Configuring a points based complexity policy
    • Understanding the store
Powered by GitBook
On this page
  • Installation options
  • Enable password filtering on this computer
  • PowerShell module
  • Group policy templates
  • Choosing a store path
  1. Setup

Installation

PreviousSetup requirementsNextCreating a new store

Last updated 7 months ago

Download the latest version of the installer from the page.

Installation options

The installer presents several options for you to choose from

  • Enable password filtering on this computer

  • PowerShell module

  • Group policy templates (ADMX)

Enable password filtering on this computer

When you select this option, the installer will register the password filter with the local security authority subsystem (LSASS) on the local computer. After a reboot, Windows will pass all password changes to the filter for validation. Note that you still need an appropriate configured before the filter will be configured to reject any passwords.

When you select this option on a domain controller, this means that the password filter will process any password change or set operations for any user.

Note that as any writable domain controller in a domain can process a password change, the module must be installed on every domain controller.

When you select this option a member server or workstation, enabling this option will mean that password changes for local accounts are checked by the filter for approval. Password changes for domain accounts are always processed by the domain controller, so this setting has no effect for domain account password changes performed on member servers and workstations.

PowerShell module

The PowerShell module allows you to build your store, add passwords and banned words and test passwords against the policy. For managing the password store, the PowerShell module can be installed on any machine that has access to the store folder. For testing passwords, the PowerShell module should be installed on a machine that has the domain's group policy applied to it. In order to audit existing user's passwords against the compromised password store, we recommend installing this module on the domain controller and running the appropriate cmdlet from there.

Group policy templates

Choosing a store path

If you are going to use the compromised password and banned word functionality, you'll need to create a password store. The store is a file-based data structure containing the NTLM hashes of the compromised passwords and banned words.

The group policy templates should be installed on any machine that you need to configure the password settings group policy on. We recommend copying the ADMX files to a , which will enable you to see and manage the group policy settings from any machine in the domain.

See the guide on for instructions on how to setup and configure your store.

downloads
group policy
central policy store
Creating a store