Frequently Asked Questions
Answers to commonly asked questions about Enzoic for Active Directory
Enzoic for Active Directory registers a standard Microsoft Password Filter. This filter is used to gate user password changes and check candidate passwords against a continuously updated cloud database of exposed passwords using a partial-hash-based comparison.
When a user password change is received by the LSA, it notifies Enzoic’s Password Filter DLL. The Enzoic Service connects via HTTPS to the Enzoic Cloud API to check a partial hash of the new password. If the password is identified as compromised, it is rejected. If the password is not compromised, the password change operation is allowed to proceed.
Enzoic for Active Directory supports any Windows Server 2008 R2 or greater for Forest and Domain functional level. Microsoft .NET Framework 4.5 is required. Enzoic for Active Directory requires an active Internet connection. You can specify a proxy server if you do not want Enzoic for Active Directory communicating directly over the Internet. If your firewall requires whitelisting IPs for traffic on port 443, please see Firewall Requirements in our Enzoic for Active Directory Installation Instructions.
Separately, an Enzoic Console application is installed as a user interface to define the desired configuration. The configuration is stored in Active Directory and replicated to other domain controllers via standard AD replication. The Enzoic Console is installed by default on the Domain Controller, but can be installed on any server connected to the domain. See our Enzoic for Active Directory Installation Instructions for simple deployment via GPO.
Root password detection provides more flexibility in the setting configuration. This option enables or disables the function that determines a “root” password, which it does by removing trailing numbers and symbols.
- The password Blackberry1234!!! has a root password of Blackberry.
- If this option is enabled, the root password Blackberry is checked along with the other calculated variants.
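
The sketch below is an added example, not Enzoic's code. It shows root password detection feeding the partial hash lookup described in the answers above. SHA-256, the 10-character prefix, the sample exposed list and all function names are assumptions for illustration, since this page does not state the product's hash scheme.

```python
import hashlib

# Constructed sample data standing in for the cloud database of exposed passwords.
EXPOSED = {"Blackberry", "Password", "letmein"}
PREFIX_LEN = 10  # assumption: number of hex characters sent to the lookup service


def _digest(password):
    # Assumption: SHA-256 is used here purely for illustration.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Simulated server-side index: hash prefix -> full hashes sharing that prefix.
_INDEX = {}
for _p in EXPOSED:
    _INDEX.setdefault(_digest(_p)[:PREFIX_LEN], set()).add(_digest(_p))


def root_password(password):
    """Strip trailing non-letters (digits, symbols); interior ones are kept."""
    end = len(password)
    while end > 0 and not password[end - 1].isalpha():
        end -= 1
    return password[:end]


def candidates(password, root_detection):
    """Strings to check: the password itself, plus its root when enabled."""
    out = [password]
    if root_detection:
        root = root_password(password)
        if root and root != password:  # e.g. an all-digit password has no root
            out.append(root)
    return out


def lookup(prefix):
    """Simulated remote call: only the hash prefix leaves the host."""
    return _INDEX.get(prefix, set())


def is_compromised(password, root_detection=True):
    for cand in candidates(password, root_detection):
        full = _digest(cand)
        if full in lookup(full[:PREFIX_LEN]):  # final comparison is done locally
            return True
    return False
```

With root detection disabled, Blackberry1234!!! passes this check because only the exact string is looked up; with it enabled, the root Blackberry matches the exposed list and the change is rejected.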
Yes. There is a report displaying the status of all protected user accounts. Compromised accounts are clearly indicated. If an account is not being monitored, the reason is shown.
- Reports can be filtered and sorted from the Enzoic Console.
- Report views can be exported to a CSV file that can be used by automation scripts or opened in applications such as Excel.
Organizations have unique needs, so the automated responses can be customized when compromised or weak passwords are found. Organizations can automatically force a password reset, disable the account, or send alerts to an admin, the IT helpdesk or the user. The organization can then select the appropriate automated action—ranging from prompting the user to change their password on some future login to instantly disabling the account.