Forum Discussion

Jan11185's avatar
Jan11185
Brass Contributor
Oct 21, 2024

Vulnerability Management - Baselines assessment

We are currently evaluating Vulnerability Management to report on our CIS 2.0 compliance.   In a Domain Controller profile the Password Policy checks appear to be incorrect.   For example: 1.1.5 ...
micheleariis's avatar
micheleariis
MCT
Oct 21, 2024

Jan11185Hi, do you happen to have the fine-grained password policy active on the domain?

  • Jan11185's avatar
    Jan11185
    Brass Contributor
    Oct 21, 2024
    Yes I do, but they have all checked "Password must meet complexity requirements".

    Additionally we have "Entra Password Protection" installed. I wonder if that confuses it.
    If it does not know the solution, and just sees there is a Passfilt.dll installed... 🤷‍:male_sign:
    Anyways, it is just an additional complexity requirement, so ought to be even better than default Windows complexity.
    • micheleariis's avatar
      micheleariis
      MCT
      Oct 21, 2024

      Jan11185 Hi, I also have Entra Password Protection enabled and it hasn't given me any problems; if you run the command below on the domain controller what does it return?

       

      Get-ADDefaultDomainPasswordPolicy

      • Jan11185's avatar
        Jan11185
        Brass Contributor
        Oct 22, 2024
        Thank you for your responses.

        It looks ok:
        ComplexityEnabled : True