Management Console Views
The Password Policy Enforcer management console has four views. Click an item in the left pane of the management console to select a view.
Password Policy Enforcer View
Click Netwrix Password Policy Enforcer in the left pane to display this view. With this view, you can perform the following actions:
- Read the Password Policy Enforcer documentation.
- Connect to configuration. See the Connect to a Configuration topic for additional information.
Password Policy Server View
Click Password Policy Server in the left pane to display this view. With this view, you can perform the following actions:
- Edit PPS Properties Page
- Display the Compromised Password Checker page
- Run HIBP Updater
- Connect to a Configuration to a configuration
- Display the Support Tools page
Compromised Password Checker
The Compromised Password Checker finds compromised passwords and helps to strengthen them, which leads to increased security. It checks existing passwords against a compromised hash list at any time, not only during a password change or reset.
General
-
Enable – select this checkbox if you want to perform one of the following operations:
- Notify User – Sends an email to the email address on the user object of an AD user that is found to have a compromised password.
- Log events in "Event Viewer" – Creates a log entry for each user that has a compromised password. The log entry can be found in the X log of the event viewer.
- Force password change at next logon – Sets the Force Password Change at next login attribute on the AD User that was found to have a compromised password. When the user tries to login the next time they will be forced to go through the password change process.
-
Schedule – Click this link to open the "Schedule task" window. Choose date and time when the scan will start and configure the scan frequency.
Setup the desired schedule to run Password Checker. You may choose to run it once, or periodically on a defined schedule.
-
Frequency – Select how frequently you want to run Password Checker.
-
One Time – There are two options: Run now and Run later. If later, you should select the time in the When area.
-
Daily – Select the time of day at which you want to run Password Checker.
-
Weekly – Select the day of the week on which you want to run Password Checker.
-
Monthly – Select the day of the month on which you want to run Password Checker.
-
-
When – Select the start date and time when you to run Password Checker.
-
-
List of compromised passwords – The path to the database of compromised passwords.
-
Domain Controller – Name of the Domain Controller you want to scan with Compromised Password Checker. The name of the current domain controller can be taken from Configuration Report tab > Computer value. Please use the fully qualified (FQDN) domain controller name.
Report Recipient
- To – Type the email address of the administrator receiving the full report.
- From – Type the name and email address you wish to appear. The correct format is
"Display Name" <mailbox@domain.com>
User Notification
- From – Type the name and email address you wish to appear. The correct format is
"Display Name" <mailbox@domain.com> - Subject – Type the subject line of your email.
- Email – The text for the message you want to send to the user. The default text contains information about the recipient's name and account, as well as a request to change the password. You can customize it any way you want.
The Compromised Password Checker is now configured to protect your system against compromised passwords.
Policies View
Click Password Policy Server in the left pane to display this view. With this view, you can perform the following actions:
- Edit Policy Properties
- Testing Policies
- Creating a Policy and Deleting a Policy
- Set Policy Properties
Rules View
Click a policy name in the left pane to display this view. Use this view to configure the rules for a policy.