To install and enable a custom password filter in a Windows 2000 domain, a
copy of
the password filter DLL must installed and registered on each domain
controller.
All password filters are called every time a password is changed; this means
that a
password must satisfy every filter for the password change to succeed.
To install and register a password filter DLL:
Copy your password filter DLL to the %SYSTEMROOT%\System32 folder.
Register your password filter DLL by appending the name of the DLL file
(without
the .DLL extension) to the Notification Packages REG_MULTI_SZ value in the
following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
For example, if the name of your DLL is MYDLL.DLL, you would add MYDLL to
the
list.
If you wish to use the custom password filter instead of Windows 2000's
inbuilt
password complexity checking feature, you also need to disable Windows
password
complexity checking:
From the Account Policies section of the Group Policy editor or the Local
Security
Policy MMC, disable the policy "Password must meet complexity requirements".
Restart the computer. This is necessary to cause the custom DLL to be
loaded.
For information on how to develop a custom password filter DLL, please see
the
following article in the Microsoft Knowledge Base:
Q151082 Password Change Filtering And Notification in Windows NT
