This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

ARM UserTemplate Password Restrictions

lmu over 2 years ago

Hi Everyone

In the ARM User Template we currently use some restrictions for the initial password (specific Characters are not allowed etc.)
These seem to work for the initial password that is created.

However the user can generate a new password and the restrictions other than the length do not seem to apply for that.

Also the user can manually overwrite the initial created password where he can also include characters not allowed for the initial password.

Is there a way to set restrictions on the password-field that do not only apply for the initial password but for all passwords?

Thank you for your help and Best Regards

Lukas

Parents

0 CK over 1 year ago

Hello Lukas, The initial password or setting in the ARM template is only valid for the moment you create the password. The validation is therefore only applied on input. To restrict future password changes, you should use the GPO in Active Directory. Here is a link to the Microsoft Tech article. learn.microsoft.com/.../password-must-meet-complexity-requirements The question arises, which user can simply change such a password for you?
Cancel
Vote Up 0 Vote Down

Cancel
0 lmu over 1 year ago in reply to CK

Hi Christian

Thank you for your answer. But I think there is a little misunderstanding. I don't want to restrict future password changes generally, I know that this should be done via GPO.

When I set restrictions on the User Template, the restrictions are only applied to automatically generated password. The Admin can set a different Password without restrictions during the user creation in ARM and I want to prevent that
Cancel
Vote Up 0 Vote Down

Cancel

0 CK over 1 year ago in reply to lmu

Hello Lukas, ok try this setting.

"InitialPassword": {
			"MinLength": 8,
			"IsComplex": true,
			"IsMasked": true,
			"Constraints": {
				"ValidationRule": "[^\\s]*",
				"ValidationInformation": "['en-us:At least 8 characters, uppercase and lowercase letters, at least one digit or a special character. Spaces are not allowed.', 'de-de:Min. 8 Zeichen, Klein- und Großbuchstaben, min. eine Zahl oder ein Sonderzeichen, keine Leerzeichen.']"
			}
		},

That should help.

Reply

0 CK over 1 year ago in reply to lmu

Hello Lukas, ok try this setting.

"InitialPassword": {
			"MinLength": 8,
			"IsComplex": true,
			"IsMasked": true,
			"Constraints": {
				"ValidationRule": "[^\\s]*",
				"ValidationInformation": "['en-us:At least 8 characters, uppercase and lowercase letters, at least one digit or a special character. Spaces are not allowed.', 'de-de:Min. 8 Zeichen, Klein- und Großbuchstaben, min. eine Zahl oder ein Sonderzeichen, keine Leerzeichen.']"
			}
		},

That should help.

Children

No Data