How to require special characters in passwords for users in DLP Enforce Console

Article ID: 267372

Products

Data Loss Prevention Enforce, Data Loss Prevention

Issue/Introduction

As a security requirement in your organization, passwords for users created in the Enforce Console must contain special characters. This article describes how to configure that requirement. In this example, the password must contain an exclamation mark "!" or a question mark "?".

This is only applicable to environments where Kerberos authentication is not enabled. Where Kerberos authentication is enabled, the passwords and their requirements are fully managed by the connected Active Directory server.

Environment

15.8 or higher

Resolution

1. First, enable "Require Strong Password" in the Enforce server settings. Navigate to System -> Settings -> General and click "Configure", select the checkbox next to "Require Strong Password" in the "DLP User Authentication" section of the settings, and save the changes.

2. On the Enforce server navigate to the following default path:

<Install Drive>\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config.

3. Open passwordenforcement.properties in a text editor. Before making any changes to the file, it is recommended to make a backup copy of it.

4. Scroll down to the bottom of the file and add the following lines:

#Special characters
com.vontu.manager.password.constraint.6.validation=positive
com.vontu.manager.password.constraint.6.re=[!?]
com.vontu.manager.password.constraint.6.message=Password must contain at least 1 special character.

 

The first line, "com.vontu.manager.password.constraint.6.validation=positive", tells the application that the characters in the second line, "com.vontu.manager.password.constraint.6.re=[!?]", are required. To disallow characters instead, set the property to "negative". The second line contains the list of required characters in regex format. In this example, [!?] matches any one of the characters inside the square brackets, so ! or ?. The list can be extended by adding more special characters inside the brackets; for example, to also include a dot "." and the at (mail) sign "@" in the list, it would look like this: [!?.@].

The last line, "com.vontu.manager.password.constraint.6.message=Password must contain at least 1 special character.", contains the message that is displayed during user creation or a password change when the constraint is not met, that is, when none of the required characters is present in the entered password.

Note: If passwordenforcement.properties was already modified in your organization and requirements other than the defaults were already added, the number that comes after ".constraint." must be one higher than that of the last existing entry at the bottom of the file. By default, the last requirement is that the password cannot contain 2 same consecutive characters, and it is constraint.5, so the special-character constraint in this example comes next as constraint.6.

5. Once the changes to the file are done, save it.

6. To apply the changes, restart the "Symantec DLP Manager Service" service on the Enforce server.

Should any issue occur after making the changes to the file, remove the newly added lines and save the file, or restore a backup of the file, and restart the same service once more.
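
The constraint lines from step 4 can be checked offline before the service restart in step 6. The following Python script is an added example, not Broadcom's code: it reads the constraint entries, rejects a reused constraint number or an entry missing one of its three lines, and reports which messages a candidate password would trigger. It assumes that Python's re module behaves like the product's regex engine for these simple character classes and that a pattern only has to occur somewhere in the password; constraint.7 and the function names are hypothetical.

```python
import re

PREFIX = "com.vontu.manager.password.constraint."
# Constructed sample. The constraint.6 lines are the article's; constraint.7 is
# a hypothetical "negative" rule (no spaces) added only to show that mode.
SAMPLE = """\
#Special characters
com.vontu.manager.password.constraint.6.validation=positive
com.vontu.manager.password.constraint.6.re=[!?]
com.vontu.manager.password.constraint.6.message=Password must contain at least 1 special character.
#No spaces (hypothetical)
com.vontu.manager.password.constraint.7.validation=negative
com.vontu.manager.password.constraint.7.re=[ ]
com.vontu.manager.password.constraint.7.message=Password must not contain spaces.
"""

def parse_constraints(text):
    """Return {number: {field: value}}; raise ValueError on a reused or incomplete entry."""
    rules = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition("=")
        if not key.startswith(PREFIX):
            continue  # comments, blank lines, unrelated properties
        number, _, field = key[len(PREFIX):].partition(".")
        fields = rules.setdefault(int(number), {})
        if field in fields:  # same number used twice: it was not incremented
            raise ValueError(f"constraint.{number}.{field} is defined twice")
        fields[field] = value
    for number, fields in rules.items():
        missing = {"validation", "re", "message"} - fields.keys()
        if missing:  # assumption: all three lines shown in the article are needed
            raise ValueError(f"constraint.{number} lacks {sorted(missing)}")
        re.compile(fields["re"])  # fail early on a malformed pattern
    return rules

def violations(password, rules):
    """Messages of every constraint the password fails, in constraint order."""
    failed = []
    for _, rule in sorted(rules.items()):
        found = re.search(rule["re"], password) is not None
        # positive: the pattern must occur somewhere; negative: it must not
        if found != (rule["validation"] == "positive"):
            failed.append(rule["message"])
    return failed

if __name__ == "__main__":
    rules = parse_constraints(SAMPLE)
    for candidate in ("Summer2024", "Summer2024!", "Summer 2024?"):
        print(repr(candidate), violations(candidate, rules) or "OK")
```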