Frequently Asked Questions

Do I have to install client software to enforce a password policy?

No. PPE includes an optional Password Policy Client to help users choose a compliant password, but the PPC is not needed to enforce password policies.

Does the Password Policy Client install a GINA DLL?

No. The Password Policy Client in PPE V4.0 and later does not install a GINA DLL. Some older versions of Password Policy Enforcer did install a GINA DLL.

Are users prompted to change their expiring password if the Password Policy Client is not installed?

Yes. Use the Prompt user to change password before expiration setting in Group Policy to control this feature.

Is Password Policy Enforcer compatible with Remote Desktop Connection and Microsoft Terminal Services?

Yes.

Does the Password Policy Server create a single point of failure?

No. One of our competitors uses this deceptive claim to discredit PPE. The nFront Password Filter page addresses the misleading claims made by nFront Security. Our published test results show that Password Policy Enforcer is more capable, efficient, and secure than nFront Password Filter.

Does PPE allow users to reset forgotten passwords?

Not directly. It integrates with ANIXIS Password Reset to provide a secure self-service password reset system.

Does PPE extend the Active Directory schema?

No. PPE only creates a single Active Directory container object to hold configuration settings. The schema is not extended.

Does PPE make any other changes to Active Directory?

It sets the "User must change password at next logon" flag if the PPE Maximum Age rule is enabled when user's password expires. Windows handles all other account updates including password changes and account lockouts.

Does Microsoft support systems with PPE, or the PPE client installed?

Yes. PPE only uses documented Microsoft APIs. PPE is installed on tens of thousands of domain controllers, and the optional client is installed on over a million desktops.

Does Password Policy Enforcer work with Windows 2000, Windows Server 2003 (including R2), Windows XP, and Windows Vista?

Yes.

What about Windows Server 2008, Server Core, and read-only domain controller (RODC)?

PPE V5.10 is compatible with Windows Server 2008, including Server Core and read-only domain controller.

Does PPE work with Windows x64 (64-bit) Editions?

Yes. PPE V5.0 is compatible with Windows x64 Editions as well as 32-bit Windows. PPE V4.02 and earlier are 32-bit only.

Can PPE expire passwords gradually?

Yes. PPE's Maximum Age rule has transitional modes that expire old passwords gradually.

Does PPE store passwords to enforce the Similarity rule?

No. PPE does not store passwords or password hashes. It also does not send passwords or password hashes over the network.

Does PPE work with Windows NT domains or standalone computers?

PPE V5.0 does not, but PPE V3.6 does.

Can ANIXIS develop a new rule to help enforce our password policy?

Yes. We do sometimes modify PPE to enforce unusual password policies. Send your request to support@anixis.com