
Releases: ryanries/PassFiltEx

v1.3.21.2

29 Oct 15:03

New version v1.3.21

Highlights of this release are:

Completely removed ETW logging and moved to basic text file logging. After all these years, I am finally admitting publicly that I was just trying to be a cool Windows guru and that I was just being sadistic by trying to force people to use ETW. ETW has its uses but it's really awful for when you really just want a log file. The log file is \Windows\System32\PassFiltEx.log and the log is rotated after it reaches 1MB. By default only error messages are logged, but if you use the Debug registry setting in the PassFiltEx subkey, it will enable additional informational messages. Updated the README with this information.

Added a "BlockSequentialChars" setting. This setting adds the ability to block passwords if they contain 3 or more sequential characters such as ABC or abc or 123 or def or 456, etc. This setting was added at the request of user "L Kang".

(update 1.3.21.2: revision to BlockSequentialChars where abc and 123 will be blocked, but not !@#)
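
An added example, not PassFiltEx source code: one way to express the revised BlockSequentialChars rule in C, where runs such as abc and 123 are rejected but punctuation such as !@# is not. The function names, the ascending-only and same-class (lower, upper, digit) reading of "sequential", and the sample passwords are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

/* Added example, not PassFiltEx code. Assumption: only a-z, A-Z and 0-9
   can form a sequence; every other character gets class 0. */
static int char_class(wchar_t c)
{
    if (c >= L'a' && c <= L'z') return 1;
    if (c >= L'A' && c <= L'Z') return 2;
    if (c >= L'0' && c <= L'9') return 3;
    return 0;
}

/* Returns 1 when pw contains min_run or more ascending neighbours from one
   class (abc, DEF, 456). len is in characters and is passed explicitly
   because a password filter gets a counted UNICODE_STRING, not a
   NUL-terminated string. Hypothetical helper name. */
int has_sequential_run(const wchar_t *pw, size_t len, size_t min_run)
{
    size_t run = 1;

    if (pw == NULL || min_run < 2 || len < min_run)
        return 0;
    for (size_t i = 1; i < len; i++) {
        int cls = char_class(pw[i]);
        if (cls != 0 && cls == char_class(pw[i - 1]) && pw[i] == pw[i - 1] + 1)
            run++;
        else
            run = 1;   /* class change or gap: start counting again */
        if (run >= min_run)
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample passwords, not taken from any real list. */
    const wchar_t *samples[] = { L"Winter123!", L"xyzzy-Tree", L"Tr!@#ee9", L"89:;yz{|" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%ls -> %s\n", samples[i],
               has_sequential_run(samples[i], wcslen(samples[i]), 3) ? "block" : "allow");
    return 0;
}
```

Descending runs (cba) and mixed-case runs (aBc) are allowed here because the release notes do not say how the filter treats them.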

v1.3.21

29 Oct 05:21

New version v1.3.21

Highlights of this release are:

  1. Completely removed ETW logging and moved to basic text file logging. After all these years, I am finally admitting publicly that I was just trying to be a cool Windows guru and that I was just being sadistic by trying to force people to use ETW. ETW has its uses but it's really awful for when you really just want a log file. The log file is \Windows\System32\PassFiltEx.log and the log is rotated after it reaches 1MB. By default only error messages are logged, but if you use the Debug registry setting in the PassFiltEx subkey, it will enable additional informational messages. Updated the README with this information.

  2. Added a "BlockSequentialChars" setting. This setting adds the ability to block passwords if they contain 3 or more sequential characters such as ABC or abc or 123 or def or 456, etc. This setting was added at the request of user "L Kang".

v1.2.20

06 Jul 15:35

Removed the 'RequireCharClasses' registry setting and replaced it with MinLower/MinUpper/MinDigit/etc.

v1.1.10

30 Dec 01:24
  • Added a new "require either upper case or lower case" to the RequiredCharClasses registry setting - it is 0n32.
  • Changed the test program PassFiltExTest. You can use it to test whether PassFiltEx will allow a password or not without having to do all the hassle of installing it on a DC and deciphering the ETW tracing. BUT it only works on the DEBUG build.

v1.1.9

15 Feb 17:13

Bugfix: Password resets for RODC krbtgt_xxxxxx accounts were being blocked. Should be fixed now.

v1.1.8

24 Jun 12:50

Minor bug fixes:

  • The filter was allowing a blank password. Not a big deal, since other Active Directory policy would have already prevented a blank password anyway. But it's hard to imagine any scenario where an administrator would want to allow any blank passwords and also have this password filter installed at the same time.

  • The filter was not lowercase'ing the last character, meaning that a password could potentially erroneously pass the blacklist if the last character in the blacklisted token was uppercase.

v1.1.7

21 Jun 20:45
  • Tested on Server 2019
  • Upgraded from memcpy to memcpy_s
  • Called RtlSecureZeroMemory where appropriate
  • Small logging enhancement when we couldn't locate the blacklist file

v1.1.6

09 Feb 19:27
  • Contains all previous fixes and improvements from earlier versions.

  • Lower memory usage compared to earlier versions.

  • Added the ability to require additional categories of characters in a password, above and beyond what built-in AD password complexity requires.

  • Fixed a nasty memory bug where I was copying into memory before I had allocated space for it.