Softpedia >Windows >Security >Security Related >nFront Password Filter >  Changelog

nFront Password Filter Changelog

What's new in nFront Password Filter 7.2.0

Feb 12, 2023
  • Adds support for improved logging of failed passwords. The log file can now list the exact reasons for failure in addition to the failure code. Prior versions only produce the failure code and require a script to decode the failure codes to the exact reason(s) for failure.
  • Includes modification to the license check system to ensure the main worker thread to enumerate all affected users has completed. On some networks with a large number of exclusions the main thread was not completing prior to the run of the license check thread.
  • Version 7.2.0 defaults to interpreting the setOperation flag as true for any value other than zero. In some scenarios, the LSA is calling the filter with values for setOperation
  • That are not 0 or 1. You can now change how the behavior is handled via a registry setting.
  • HTML email template for the nFront Password Expiration service was modified to include some additional variables.
  • Bugfix – version 7.2.0 fixes an issue with the rule to check for breached passwords. In prior releases the breach password check used an all-lowercase version of the new password if you were also running the rule to check for any part of the full name within the new password.

New in nFront Password Filter 7.0.2 (Jan 18, 2021)

  • Bugfix – Version 7.0.2 nFront Expiration Service has been updated. The prior version did not correctly email the administrative report when debugging for the service was turned on. Also, the service was not showing the correct password age on the report for users affected by the Default Password Policy Configuration. This now operates correctly.
  • Bugfix – Version 7.0.2 has an update nFront Password Policy Service. In the prior release the service would stop if the nFront Client options are used and set for machines to check password age at user logon. This is now corrected.
  • Bugfix – Version 7.0.2 fixes problem with dictionary substitution not working for certain policy combinations.
  • Update – Version 7.0.2 - The license check process is updated to report to the registry the number

New in nFront Password Filter 6.3.0 (Oct 31, 2017)

  • MPE version now supports up to 10 different password policies (prior version supported 6 policies).
  • Windows 10 client now supports using a picture for the user on the logon screen. With no picture assigned it displays the “user silhouette” icon instead of a security key. This was a bug in the Windows 10 system and Microsoft had to provide us with code to work around the bug.
  • Client eliminates the need for secondary authentication when you make a remote desktop connection.
  • ADMX templates have been modified to eliminate leading whitespace for text boxes.
  • Added new registry settings to control the size and location of the password requirements on the client.
  • The Stanford Password Requirements were moved to each individual policy (instead of being applied to the Default Password Policy only in the MPE version).
  • You can now skip the dictionary based on password length within each individual policy.
  • All phrases for the rules and failure messages can now be directly modified by editing the npf-lang.txt file.
  • Length-based aging settings now use a direct windows API call to manipulate group membership (instead of triggering net.exe commands to add members to a group). Synchronization of groups is skipped if you are not using length-based aging settings.
  • Newer maintenance validation algorithm added to accept maintenance codes beyond the year 2020.

New in nFront Password Filter 6.2.0 (Oct 10, 2016)

  • Expiration Service was updated to support customization via plain text or html files instead of copying a new email body into the GPO textbox.
  • ADMX templates are included.
  • Client was modified to better support the release of Windows 10
  • Modifications for better performance and logging were added.
  • Code modified to log administrative resets even if configured to bypass the filter for admin resets.
  • Additional improvement to Windows 10 client.

New in nFront Password Filter 6.0.3 (May 12, 2015)

  • Bugfix for “reportOnly” mode with nFront Password Expiration service. (v.6.0.3). The prior version remained in report only mode when flag was cleared.
  • Feature added to turn debugging file into a continuous log by setting HKLM\Software\Policies\Altus\PassfiltProMPE\runningLogs, REG_DWORD (32-bit), value=1. (v.6.0.3).

New in nFront Password Filter 6.0.2 (Mar 18, 2015)

  • Default logging of rejected passwords was removed. (v.6.0.2)
  • Defaults to skip all password changes that are 100 characters or more to avoid issue with automated password changes by Microsoft Exchange and other applications. (v.6.0.2)
  • Bugfix for German language phrases (v.6.0.2)

New in nFront Password Filter 6.0.0 (Mar 3, 2015)

  • Support for Stanford password policy via filter and client messaging. In April 2014 Stanford University adopted a length-based password policy and many companies have opted for the same policy. The policy varies the character type requirements based on the length of the password.
  • Adds support for Unicode dictionary. Also continues to read ANSI encoded dictionary files.
  • Adds ability to log administrative password resets.
  • ADM now has maximum character limit set to 256 instead of 127. The GUI supports a max of 127 characters but some systems that do automated password changes like Exchange 2013 change to a 128 character password.
  • Option to skip password filtering for passwords longer than XX characters and option to log the users who are skipped. This is needed in some cases with Exchange 2013 which automates password changes using a 128 character password change that may fail depending on the policy settings.
  • ADM templates now have a maximum password warning interval of 999 days (instead of 60 days). This makes it easier to test in a lab environment.
  • ADM template set to max service interval of 168 hours (7 days) instead of 120 hours.
  • Dictionary supports character substitution. All combinations of the following character substitutions are checked: a=@, s=$, e=3, i=1, l=1, o=0.
  • Support for interpreting the ‘*’ character in the dictionary as a wildcard.
  • Bugfixes related to the client on Windows 8 and 8.1 were fixed.
  • Client is updated to support notification of password expiration at logon for Windows 7, Windows 8 and Windows 8.1.
  • Client improved to pre-check password during the password change instead of submitting the change and trapping any subsequent error.
  • Logging files for failures, password resets and skipped users configured to use double quotes and comma separator for easy import into Excel or other CSV parsing programs.
  • We removed the rule to look for passwords that exactly match a dictionary word.
  • Password strength meter has been modified to do additional checks and display “weak” for passwords that contain a few common password sequences (e.g. “password”, “letmein”, “qwerty”, etc.) and passwords that contain consecutive repeating characters.