Say No to Sh!tty Passwords
A couple of months ago, I shared some password policy advice as one of my Five Easy Security Wins in Windows . Changing your password policy to a 365-day expiration and 15-character minimum is easy and far more secure than shorter password requirements, but it isn't impossible for people to still set bad passwords. Without a password checker in place, users can still set truly terrible passwords for their Windows logins. I needed to change that in my environment, and in my search for just the right tool, I found Lithnet Password Protection (LPP) for Active Directory . I'll share some background info about why implementing LPP was necessary, and give a quick run-down on how to set it up on Domain Controllers. Shitty Passwords Everywhere I have seen no shortage of truly awful passwords in my career as a sysadmin. For whatever reason, end users seem convinced that they need to tell IT what their passwords are if they need assistance. I have never really wanted to know people...