Dictionary Rule Not Working

I have installed Password Policy Manager on all DCs and I need to test against words we have added to the Dictionary file. I have added the words to all DCs' txt files and I am still able to use the words I have added to the files. We are only using the Dictionary Rule and I have checked "Enable dictionary lookup to reject passwords that contain: A complete word from the dictionary". But like I said, it's not working. I have a test account I am using and it is part of the correct groups I have set up on the PP server.

 

What else do I need to do? I have checked the encoding with Notepad++ and they are set to UCS-2 LE BOM and I am lost. I am not sure if it should be this hard, maybe I am wrong.

 

Any help would be greatly appreciated.

 

Thank you,

Wade

  • Hi Wade,

    You mentioned that you are testing against words that you have added to the dictionary file. Have you tested against words that were already contained in the file before you added more?

    Did you also add those words to the dictionary file on the Password Manager server?
    C:\Program Files\Dell\One Identity Password manager\ Service\Password Policy Manager\QPMDictionary.txt
    If you attempt to change your password using the Self-Service site then the dictionary file on the Password Manager server is used. If you try to change it on a client machine using CTRL-ALT-DELETE then the dictionary files on the Domain Controllers are used.

    Try testing using CTRL-ALT-DELETE and see if the password is rejected.
    And also see if the dictionary rule is enforced if you use some of the original words in the dictionary file.

    Regards,

    Jim Casey
  • We have a policy already within AD and none of the original words in that file will work anyway.
    I just added a new word to the file on the Server and tested through the SSite and it let me use the password.
  • Hi Wade,

    It sounds like you have it correctly configured.

    I would suggest you open a case with support and let one of my colleagues work with you on it.
    support.quest.com/contact-support

    Regards,

    Jim
  • I have opened a ticket, just waiting on their response. Let me give you a little more info on the system and what I have done.

    We have 7 DCs across a couple of firewalls and we have installed PPM on each DC. On the server all I have active is the Dic Rule, nothing else. The documentation for this software at best is just a headache. Besides adding PPM to the DCs, is there anything else that would need to be done in AD or on the server?

    Thanks again,
    Wade
  • Hi Wade,

    If you have PPM installed on each of the DCs and you have the dictionary file copied across then you are configured correctly, as long as the Password Policy is scoped, configured and enabled on the Password Manager server.

    If you ignore the dictionary rule and configure the password policy with some other rule which is different to those applied by the AD password policy, is it enforced by Password Manager when you try to change password?

    If yes, then Password Policy Manager is installed and configured correctly and your issue is narrowed down to the dictionary file.
    If no, then PPM is not configured correctly.

    Either way the support engineer who picks up your case will work with you until the issue is resolved.

    Regards,

    Jim
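
Once the thread narrows the problem down to the dictionary file, one way to compare every copy (the Password Manager server's and each DC's) is to report its encoding, its hash and whether the test word is really in it. This is an added PowerShell example, not code from One Identity or from the posters; the file locations are placeholders and the one-word-per-line layout is an assumption.

```powershell
# Added example. Paths are placeholders; one word per line is an assumption.
function Get-DictionaryCopyStatus {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [Parameter(Mandatory)][string]$Word
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            [pscustomobject]@{ Path = $p; Found = $false; Encoding = $null; Sha256 = $null; HasWord = $null }
            continue
        }
        $full  = (Resolve-Path -LiteralPath $p).ProviderPath
        $bytes = [System.IO.File]::ReadAllBytes($full)
        # Identify the encoding from the byte-order mark, if there is one.
        if ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE) {
            $name = 'UTF-16 LE BOM (Notepad++: UCS-2 LE BOM)'; $enc = [System.Text.Encoding]::Unicode
        } elseif ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFE -and $bytes[1] -eq 0xFF) {
            $name = 'UTF-16 BE BOM'; $enc = [System.Text.Encoding]::BigEndianUnicode
        } elseif ($bytes.Length -ge 3 -and $bytes[0] -eq 0xEF -and $bytes[1] -eq 0xBB -and $bytes[2] -eq 0xBF) {
            $name = 'UTF-8 BOM'; $enc = [System.Text.Encoding]::UTF8
        } else {
            $name = 'no BOM (read with system default)'; $enc = [System.Text.Encoding]::Default
        }
        # ReadAllLines strips the BOM, so the first word compares cleanly.
        $words = @([System.IO.File]::ReadAllLines($full, $enc) | ForEach-Object { $_.Trim() })
        [pscustomobject]@{
            Path     = $p
            Found    = $true
            Encoding = $name
            Sha256   = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
            HasWord  = $words -contains $Word   # case-insensitive whole-line match
        }
    }
}

# Constructed placeholders: replace with the real location of each copy.
$copies = @(
    '\\PMSERVER\<share>\<path-to>\QPMDictionary.txt',
    '\\DC01\<share>\<path-to>\QPMDictionary.txt',
    '\\DC02\<share>\<path-to>\QPMDictionary.txt'
)
$status = @(Get-DictionaryCopyStatus -Path $copies -Word 'testword')
$status | Format-Table -AutoSize
# Copies that are missing or whose content differs from the first one listed.
$status | Where-Object { $_.Sha256 -ne $status[0].Sha256 } | Select-Object Path, Encoding
```

A copy that is missing, reports a different hash or encoding from the others, or shows HasWord as False is the one to look at first.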