For diagnostic purposes you can turn on logging in Secure Password Extension. The log file can contain the following information: exceptions and errors, debug messages and functions’ returns, etc. You can use this diagnostic data to identify issues with Secure Password Extension.
|Caution: This section describes how to modify the Registry. However, incorrectly modifying the Registry may severely damage the system. Therefore, you should follow the steps carefully. It is also recommended to back up the Registry before you modify it.|
You can use Password Manager to create password policies that define which passwords to reject or accept. Password policy settings are stored in Group Policy objects (GPOs). A GPO is applied by linking the GPOs to a target container defined in Active Directory, such an organizational unit or a group.
For information on how to apply a password policy and change policy link order, see Managing Password Policy Scope.
Password Policy Manager (PPM) is an independently deployed component of Password Manager. Password Policy Manager is necessary to enforce password policies configured in Password Manager in such cases, when users change their passwords using tools other than Password Manager. To enforce password policies that you define with Password Manager, you must deploy Password Policy Manager on all domain controllers in a managed domain.
But when a user changes password by pressing CTRL+ALT+DELETE for example, the new password will not be checked immediately by Password Manager. The password's compliance with password policy rules will be checked on a domain controller, that is why PPM must be installed on all domain controllers in a managed domain. If PPM is not installed, in this case when the user changes password not in Password Manager, password policies configured in Password Manager will be ignored.
Password Policy Manager extends the default password policy settings and allows configuring policy scopes for each policy, so that only specified organizational units and groups are affected by the policy.
Password policy settings are stored as Group Policy Objects. PPM creates new GPOs, and it does not change any existing GPOs.
Depending on whether a domain controller is running an x86 or x64 version of Microsoft Windows Server operating system, the appropriate version of Password Policy Manager must be installed. The procedure for installing PPM is outlined in Installing Password Policy Manager.