Characters (Granular)

What is a one sentence summary of your feature request?

Include only special characters

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

We must allow only @ # $ special characters on password.
If a user type ANY other special characters ! % & * etc, the password must be rejected even if there is one of the allowed characters.

If the password has one of @ # $ ACCEPTS;
If the password has one of @ # $ PLUS * REJECTS;
If the password has one of @ # $ PLUS ! REJECTS;
etc
If the password doesn’t have one of @ # $ REJECTS;

It is impossible to use NOT CONTAIN and include ALL characters that are not @ # $

How do you currently solve the challenges you have by not having this feature?

We just deployed Netwrix (this past weekend)

1 Like

I would also like to see this feature added. Having an option to “whitelist” ONLY specific characters in any of the character sets, not just “required” characters, would solve some challenges we have as well.

1 Like

Hi @gabrielfolgado and @kenneth.williams. Thanks for taking the time to post your request. PPE can already do this, but the configuration is not intuitive. The configuration looks like this:

The Special character set is defined like this to include the characters that you want:

Specifying “not contain” for high characters will reject all characters above ANSI 126. This will unfortunately also reject many characters from some languages, so it may not be a suitable solution in all cases.

Finally, the custom character set is configured to reject all other special characters up to ANSI 126:

When combined, these rules will require an @, # or $ character, but will reject passwords containing any other special characters. Your requirement is a little more complicated though because you want to limit it to a single instance of these three characters. This is possible, but the value you need to set is not currently exposed in the UI. As it is an undocumented feature, it would be best if you open a ticket to get the details. Please ask for instructions on how to set 240MAXCOUNT to 1 for a policy and refer to this post.

Here are some examples of this configuration being tested after setting 240MAXCOUNT to 1.

image

image

image

image

image

image

2 Likes

But I need to include all other characters that are not @ # $ to the field NOT CONTAIN. That is what I said in the topic:

“It is impossible to use NOT CONTAIN and include ALL characters that are not @ # $”
I was on Zoom yesterday with Tiffany and she suggested me to create the idea to enhance the product.

Specifying “not contain” for high characters automatically blocks everything above ANSI 126. The “banned special” / custom character set that I defined blocks all the other special characters up to ANSI 126 that are likely to be typed on a US keyboard: !"%&'()*+,-./:;<=>?[\]^_`{|}~

I see what you’re saying, but I think the main request is still valid in that it would sure be a lot simpler to add an option, like a checkbox for “Exclude Other” in the Special character “contains” requirement or a WhiteList entry for the “not contains” option, instead of using a convoluted method to accomplish it. I do appreciate the long way to get there, but a simpler UI method would be easier to administer. Thanks for the insight.
P.S. still waiting on PPE to be certified for Server 2025, btw :wink:

2 Likes

My reply wasn’t intended to suggest that the request is without merit. I agree that it would be nice to have a simpler way to configure this, but code changes take time. It’s also not something that I can promise as I am no longer involved in the day-to-day development of PPE. The proposed solution can be used right now. It’s not intuitive, but it can be configured in a few minutes.

P.S. still waiting on PPE to be certified for Server 2025, btw :wink:

Ouch! I checked this for you, and compatibility with Server 2025 is being tested. Official support is planned for PPE 11.1. Unfortunately I don’t have an ETA yet.

1 Like