What's new in Password Policy Enforcer 9.0

Dec 13, 2019
  • Password Policy Server:
  • A new Compromised rule to reject passwords from prior security breaches.
  • Accepts encrypted client requests from PPE V9.x clients. Responses to encrypted requests are also encrypted. Passwords or password hashes are still not sent over the network, even if encryption is enabled.
  • Can be configured to only accept encrypted client requests. Enabled by default for new configurations, but not when upgrading from an older version.
  • No longer backwards compatible with PPE V3.x clients.
  • Password Policy Client:
  • Sends encrypted client requests.
  • Improved handling of responses from servers with multiple IP addresses.
  • Added parameters to the Client API for Compromised rule client hash files.
  • Management Console:
  • Imports PPE V8.x configuration settings.
  • Improved the file selection dialog's default folder behavior and allowed selection of read-only files.
  • Deprecated the "exactly 7 or 14 characters" Length rule option. This option is hidden unless it is selected.

New in Password Policy Enforcer 8.03 (Dec 13, 2019)

  • Password Policy Server:
  • PPS Port can be set to zero to stop the PPS from accepting client requests.
  • Does not enforce a password policy for the failover clustering account (CLIUSR).
  • Enforces the default policy for password changes without a username. Earlier versions would reject the password.
  • Accepts the password if a policy lookup error occurs and there is no default policy. This normally happens when an application checks a password that is not associated with a user account. A warning event is logged if the "Log event when password not checked by PPE" option is enabled.
  • PPE.DLL digitally signed by Microsoft for compatibility with the LSA protection feature.
  • Password Policy Client:
  • Improved compatibility with third-party credential providers.
  • Improved default credential handling on Windows 8 and later when Interactive logon: Do not display last user name is enabled. Windows may display the wrong default credential when this policy is enabled with the PPE client.
  • Added configuration settings to set the default credential on Windows 8 and later.
  • Added configuration setting to enable the PPE Client in the Credential UI usage scenario.
  • Management Console:
  • Test Policies page handles names in UPN and SAM formats.
  • Increased maximum-minimum age from 90 to 180 days.

New in Password Policy Enforcer 8.0 (Dec 13, 2019)

  • Password Policy Server:
  • Now compatible with Windows 10.
  • Uses a new communications library with better performance and more options.
  • Added a configuration value to control the maximum transmit time for the Password Policy Server.
  • Modified the default rule inserts to fit the space available on Windows 10.
  • Password Policy Client:
  • Now compatible with Windows 10.
  • Hides non-essential user interface elements on the Windows 10 Change Password screen to increase the space available for the Password Policy message.
  • Displays the Password Policy message in a message box on Windows 10 computers with small screens. The Password Policy message box can also be shown on larger screens by changing the default display settings.
  • Replaces the leading minus sign in the Password Policy and Rejection Reason messages with a bullet character on Windows Vista and later.
  • Uses a new communications library with better performance and more options.
  • Improved compatibility with third-party credential providers.
  • Added a parameter to the Client API to differentiate between password changes and password resets.
  • Management Console:
  • Improved warning messages relating to the enforcement of the default policy when there are no other policy assignments.

New in Password Policy Enforcer 7.6 (Oct 24, 2013)

  • Now compatible with Windows 8.1 and Server 2012 R2.

New in Password Policy Enforcer 7.5 (Oct 24, 2013)

  • Password Policy Server:
  • Added support for local password policies. Local password policies can be enforced on standalone and domain member computers (servers and workstations).
  • Improved performance of the configuration cache.
  • Does not enforce a password policy for the krbtgt account (KB2549833).
  • Password Policy Client:
  • Added support for local password policies.
  • Improved performance on Windows 8 and Server 2012.
  • Improved compatibility with third-party credential providers.
  • Installer & QuickStart Wizard:
  • The QuickStart Wizard Express Setup option now allows you to choose which component(s) to install.

New in Password Policy Enforcer 7.0 (Jan 30, 2013)

  • Password Policy Rules:
  • The Maximum Age rule can delay the expiry of passwords that exceed a certain length to encourage the use of longer passwords.
  • A new Character Pattern rule detects patterns like abcde and 12345.
  • A new Repeating Pattern rule detects passwords like Passw0rdPassw0rd and P@ssw0rdPassword. This stops users from using repetition to increase the length of a short password.
  • A second Dictionary rule has been added to allow for more flexible detection of dictionary words. The second rule can be used with different settings, and it can remain enabled if the first Dictionary rule is disabled for passphrases. This can be used to relax requirements for passphrases without totally disabling dictionary checking.
  • A new Custom Character rule without a predefined character set allows custom character sets to be used without overwriting one of the default character sets.
  • Password Policy Server:
  • Now compatible with Windows Server 2012.
  • The dictionary file and password synchronization script paths can now contain environment variables.
  • Password Policy Client:
  • Now compatible with Windows 8 and Windows Server 2012.
  • Improved compatibility with third-party credential providers.
  • Displays a diagnostic message if the Password Policy Server does not respond to a request. This is likely to happen if a domain controller is not running PPE, or if a firewall is blocking access to the PPS port.
  • Management Console:
  • Imports PPE V6.x configuration settings.
  • Option to mask passwords when testing policies.
  • Improved dictionary file sorting performance by up to 400%.
  • Improved performance when opening the Policy Properties page for policies where all assignments are by container.
  • Mailer Service:
  • A /test parameter has been added to test the PPE Mailer's delivery options. It sends a test e-mail to the mail server or pickup folder.
  • The e-mail body filename can now contain environment variables.
  • Installer & QuickStart Wizard:
  • The PPE Client installer now attempts to complete the installation without restarting Windows on Windows Vista and later.
  • The QuickStart Wizard now displays a warning message if run on an unsupported Windows version.

New in Password Policy Enforcer 6.0.0.10 (Jan 25, 2010)

  • Password Policy Rules:
  • A new History rule similar to the Windows history rule. PPE's History rule can enforce different history requirements for each PPE policy. This rule can stop password reuse for a specified number of days, or a specified number of password changes.
  • The Maximum Age rule has been redesigned to reduce the likelihood of a user being allowed to log on on the day their password expires, and then being denied access to some network resources some time after logon.
  • Password Policy Server:
  • Now compatible with Windows Server 2008 R2.
  • PPE can disable some rules when a user enters a passphrase (long password). This allows you to enforce a complex password policy while still encouraging users to use passphrases.
  • Password Policy Client:
  • Now compatible with Windows 7 (x86 and x64 editions) as well as Windows Server 2008 R2.
  • The PPE Client API is now included with the Password Policy Client. Send an e-mail to [email protected] if you would like to enforce PPE's password policies from your own applications.
  • Management Console:
  • Imports PPE V5.x configuration settings.
  • Mailer Service:
  • The PPE Mailer reminds users to change their password by sending them e-mail reminders before their password's expiry date.

New in Password Policy Enforcer 5.0 (Jul 19, 2007)

  • A new Minimum Age rule similar to the Windows minimum password age rule. PPE's Minimum Age rule allows you to enforce a different minimum password age for each PPE policy.
  • A new Maximum Age rule similar to the Windows maximum password age rule. PPE's Maximum Age rule allows you to enforce a different maximum password age for each PPE policy. This rule has six operating modes to permit gradual expiration of existing passwords, allowing the helpdesk to better deal with any increase in calls arising from the new policy.
  • A new Keyboard Pattern rule rejects passwords that contain keyboard patterns such as qwerty. This rule has several advanced detection options, including a choice of keyboard layouts.
  • A new First Character rule rejects passwords that do not begin with a character from an approved character set.
  • A new Last Character rule rejects passwords that do not end with a character from an approved character set.
  • A new Repeating Characters rule rejects passwords that contain excessive character repetition.
  • The User Logon Name, User Display Name, and Similarity rules now have an automatic tolerance option to automatically set an appropriate tolerance during every password change.
  • Now compatible with Windows Vista, including x64 editions.
  • Improved support for user principal names [[email protected]] and down-level logon names [DOMAIN\user].
  • Automatically closes the Rejection Reason message when the Change Password dialog times out on Windows 2000, XP, and 2003.
  • Improved handling of local account password changes.