Getting Started

Review the Domain and Local Policies topic.

Install Products

Install Password Policy Enforcer (PPE Server) on every domain controller to enforce the password policy for domain user accounts, or on individual servers and workstations to enforce the password policy for local user accounts. See the Install Password Policy Enforcer on a Server or Install with Group Policy Management topics for additional information.

You can install the Configuration Console on whatever servers are convenient for you to access. It is a selectable feature in the server installation msi package. See the Install Password Policy Enforcer on a Server topic for additional information.

Install the Mailer Service on a single server in each domain. See the Install Password Policy Enforcer on a Server topic for additional information.

Password Policy Enforcer client is optional, but recommended. Users receive immediate feedback when setting up their passwords. This saves your users time and frustration when picking compliant passwords. See the Install Password Policy Enforcer Client or Install with Group Policy Management topics for additional information.

Password Policy Enforcer Web is a separate product enabling users to change their Windows domain password from a web browser. See the Password Policy Enforcer Web topic for additional information.

Create the Compromised Passwords Base before enabling the Compromised Password Check. See the HIBP Updater topic for additional information.

Exclude PPE Files from AntiVirus Checks

Domain Controller

PPE.DLL if this file doesn't load, PPE can't enforce the password policy.

Clients

PPEClt.DLL if this file doesn't load, the client doesn't run.

Next Steps

You can work through the Evaluate Password Policy Enforcer.