Open TaraMHammond opened 1 week ago
Generally speaking, yes, all DCs should be updated. You shouldn't have some DCs with the filter and some without. There is ETW logging documented in the readme, and there is also the test program you can use to test the filter with. You can run the test program on any PC; it doesn't even have to be a domain controller.
@TaraMHammond I also just released a new version, 1.3.21 TODAY that adds a couple of new things. Please try the new release and let me know the results. You might also try the new text file debug log if you need it.
I have tried 2 different versions of this file (1.2.20 and 1.3.231.2). I am using 2012 r2 and 2022. 2 files are located in the windows\system32 folder. There is an entry in the Lsa and HKLM\SOFTWARE\PassFiltEx registry. Three domain controllers have been rebooted. But there is no DLL entry in the task list output and there were no problems entering the password (AdminAdmin1234). Can you tell me where and what the problems may be? Thank you.
@ConnorAJ If there is nothing found in the tasklist /m PassFiltEx.dll output, that means the password filter is not loaded. This could be for a couple different reasons. First check your System event log and see if there is an error message from LSA that might indicate a reason for the attempted module loading failure. Make sure you are not using RunAsPPL (since the DLL is not signed, LSA will not load an unsigned module if RunAsPPL is turned on.)
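The checks named in the reply above, gathered into one PowerShell script as an added example (not part of the original thread and not the PassFiltEx project's own code). It assumes an elevated prompt on the domain controller being checked and the standard LSA key `HKLM\SYSTEM\CurrentControlSet\Control\Lsa` with its `Notification Packages` and `RunAsPPL` values; the output property names are illustrative.

```powershell
# Added diagnostic sketch: why is the password filter not loaded into LSA?
$dllName = 'PassFiltEx'   # module name as used in the thread
$lsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$lsa     = Get-ItemProperty -Path $lsaKey

# 1. Is the filter registered as an LSA notification package?
$registered = @($lsa.'Notification Packages') -contains $dllName

# 2. Is the DLL present in System32, and what is its signature status?
$dllPath = Join-Path $env:SystemRoot "System32\$dllName.dll"
$present = Test-Path -LiteralPath $dllPath
$sigStatus = if ($present) {
    (Get-AuthenticodeSignature -FilePath $dllPath).Status
} else { 'FileMissing' }

# 3. Is LSA protection requested in the registry? A missing value reads as $null.
$runAsPpl = [bool]$lsa.RunAsPPL

# 4. Does tasklist report the module inside lsass.exe?
$loaded = [bool](tasklist /m "$dllName.dll" |
    Select-String -SimpleMatch 'lsass.exe')

# 5. Errors and warnings in the System log since the last boot that come
#    from an LSA provider or mention the DLL by name.
$boot = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
$events = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; Level = 2, 3; StartTime = $boot
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'Lsa' -or $_.Message -match $dllName } |
    Select-Object -First 5 TimeCreated, Id, ProviderName

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    RegisteredInLsa   = $registered
    DllPresent        = $present
    SignatureStatus   = $sigStatus
    RunAsPPLSet       = $runAsPpl
    LoadedInLsass     = $loaded
    SuspectEventCount = @($events).Count
}
$events | Format-Table -AutoSize
```

A signature status other than `Valid` together with `RunAsPPLSet` being true matches the failure described in the reply: LSA refusing to load an unsigned module.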
@ryanries An interesting idea, I'll check it out and let you know. Thanks.
@ryanries Yes, this option helped solve the problem, but the data is still not displayed in the tasklist. Thanks.
@ConnorAJ So the problem is fixed?
@ryanries Yes, of course, but the tasklist still does not show the load of the DLL.
I had to manually add the registry entries for it to load. I'll add the registry and reboot the other DCs this weekend and let you know.
I've tried 2 different versions of this. I'm running 2012 r2. The 2 files are in windows\system32. The registry entry is in place. The DC has been rebooted. I tried changing a password to one that is exactly in the file and it let me. Do all domain controllers have to be updated before it works? I'm not seeing any errors in the event log. Is there anything I can check?