The LelandPW Password Filter for Windows NT/XP/2000/2003

Newest Version 12/16/2003

If you have installed versions of this DLL prior to the 12/16/2003 version, you may experience unexpected behavior when a very long password is set. Please update to this version.

Background

To maintain good passwords for SUNet, the Distributed Computing Group established the SUNet Password Standard  that all passwords must meet.

LelandPW.DLL implements a password change filter as described in Microsoft KB article Q151082 conforming to the posted SUNet standards. Please note that restrictions of the filter may supersede restrictions set by Passprop.exe, User Account Policies, or Group Policy. To filter all passwords in a domain, install the filter on every domain controller.

NOTE: When a user changes their password and their newly selected password does not meet the SUNet Password standards, the error message is not as useful as it should be. For Windows NT 4.0, the message is "Password is invalid" or "You are not allowed to change your password". For Windows 2000 clients, the message has been changed to "The password does not meet the password policy requirements"

Requirements

Windows NT 4.0 with Service Pack 3 or above installed or Windows XP/2000/2003

LelandPW.dll 53,248 Bytes
ALLWORDS 249,347 Bytes

(Save the link above as ALLWORDS or use your own. The ALLWORDS file can contain any dictionary words you want to check for. There must be a <cr> between each word.)

Installation

Copy LelandPW.dll and ALLWORDS to your \System32 directory of your domain controllers and set permissions on these files so that no one can tamper with them.

Active notification packages (password filters and password synchronization clients) are defined by a REG_MULTI registry value: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages". Each value is shown on it's own line and they are processed from top to bottom or until a package returns a failure response. Modify the registry value to include the value "LelandPW". As a side note, you should remove FPNWCLNT if you don't use File and Print for NetWare.

Reboot the machine. 

Copyright ©2006, by The Board of Trustees of the Leland Stanford Junior University. Permission granted to copy LelandPW.dll for non-commercial purposes, provided we receive acknowledgment.  No right is granted to quote from or use any material in/offered by this document for purposes of promoting any product or service. Information provided in this document is provided 'as is' without warranty of any kind, either expressed or implied.

Created: March 5, 1998 by Ross Wilper Last modified: February 28, 2006 by Ross Wilper ©2006 Trustees of the Leland Stanford Junior University E-mail comments/suggestions/additions