Problems to update the PWD List

lithnet / ad-password-protection

Active Directory password filter featuring breached password checking and custom complexity rules

MIT License

490 stars 52 forks source link

Problems to update the PWD List #116

Closed Gen-log closed 9 months ago

Gen-log commented 10 months ago

I've downloded the newest haveibeenpwd password list, via haveibeenpwned-downloader. When I try to update the list on my DC I get this error:

Import-CompromisedPasswordHashes : The file that is to be replaced cannot be removed.

Import-CompromisedPasswordHashes -Filename "x:\temp\pwnedpasswords_nt ...


+ CategoryInfo          : NotSpecified: (:) [Import-CompromisedPasswordHashes], IOException
+ FullyQualifiedErrorId : System.IO.IOException,Lithnet.ActiveDirectory.PasswordProtection.PowerShell.ImportCompro
misedPasswordHashes

ryannewington commented 10 months ago

It sounds like something has locked open the files in the store folder. If you are using dfs-r make sure you pause replication. Otherwise you could try an AV exclusion for the store folder. If that doesn't work you may need to resort to using something like procmon to determine what process is accessing the store files so you can stop it.

FYI the latest version of LPP has a sync-hashesfromhibp cmdlet to import directly without having to use the hibp import tool.

Gen-log commented 10 months ago

ok - I already checked the AV Software, but will check it again.

sync-hashesfromhibp

WOW! That's what I'm searching for! Thanks!

stale[bot] commented 10 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs.