Load compromised passwords into the store
Import the PowerShell module and open the store folder
Open-Store -Path "D:\password-protection\store"
If you are replicating the store with DFS-R, pause replication before you start populating the store. Wait until you have completed the import process before resuming replication.
When using the HIBP downloader tool, make sure you download the NTLM hashes, not the SHA1 hashes, and download them into a single file.
haveibeenpwned-downloader.exe -n pwnedpasswords_ntlm
If you have other NTLM hash sets you want to import, you can do so. Just make sure they are in a text file, with each hash on its own line. Use the Import-CompromisedPasswordHashes cmdlet to import them.
Import-CompromisedPasswords -Filename "D:\password-protection\hashes.org-2018.txt"
Add-CompromisedPassword -Value p@ssw0rd
Test-IsCompromisedPassword -Value p@ssw0rd
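The hash-file requirements above (NTLM rather than SHA1, one entry per line) can be checked before starting a long import. The following is an added example, not part of the original documentation or the module: `Test-HashFileFormat` is a hypothetical helper, the sample lines are constructed, and it assumes entries may carry the `:count` suffix found in HIBP files.

```powershell
# Added example: pre-import format check. Test-HashFileFormat is a hypothetical
# helper, not a cmdlet from the password protection module.
function Test-HashFileFormat {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [int] $MaxLines = 100000   # sample only; full breach lists are very large
    )
    $ntlm = 0; $sha1 = 0; $blank = 0; $bad = 0; $firstBad = 0; $lineNo = 0
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    # ReadLines streams the file rather than loading it all into memory.
    foreach ($line in [System.IO.File]::ReadLines($fullPath)) {
        if ($lineNo -ge $MaxLines) { break }
        $lineNo++
        $text = $line.Trim()
        if ($text -eq '') { $blank++; continue }
        # HIBP lines are HASH:count, so classify only the part before the colon.
        $hash = ($text -split ':', 2)[0]
        if     ($hash -match '^[0-9a-f]{32}$') { $ntlm++ }   # NTLM: 128 bits, 32 hex chars
        elseif ($hash -match '^[0-9a-f]{40}$') { $sha1++ }   # SHA1: 160 bits, 40 hex chars
        else   { $bad++; if ($firstBad -eq 0) { $firstBad = $lineNo } }
    }
    [pscustomobject]@{
        LinesChecked  = $lineNo
        Ntlm          = $ntlm
        Sha1          = $sha1
        Blank         = $blank
        Malformed     = $bad
        FirstBadLine  = $firstBad   # 0 means no malformed line was seen
        LooksLikeNtlm = ($ntlm -gt 0 -and $sha1 -eq 0 -and $bad -eq 0)
    }
}

# Constructed sample input (not real breach data): two NTLM-length entries,
# one SHA1-length entry and one malformed line.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'hash-format-sample.txt'
Set-Content -LiteralPath $sample -Value @(
    '0123456789ABCDEF0123456789ABCDEF:3',
    '0123456789abcdef0123456789abcdef',
    '0123456789ABCDEF0123456789ABCDEF01234567:12',
    'not-a-hash'
)
Test-HashFileFormat -Path $sample
Remove-Item -LiteralPath $sample
```

The check reports only counts and line numbers, so no hash values end up in console output or transcripts.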
The password filter can also protect against common substitutions by normalizing incoming passwords and checking them against the banned word store. For example, adding the word lithnet to the banned word store will prevent common variations such as Lithnet! from being used. You can read more about the normalization rules to understand how this works in more detail. The banned word store contains the list of words you do not want passwords to be based on. You can load in common names in your organization, or load in the entire dictionary. The Import-BannedWords cmdlet is used to import a file of newline-separated words.
Import-BannedWords -Filename "D:\password-protection\english-dictionary-words.txt"
Add-BannedWord -Value "lithnet"