What is a one sentence summary of your feature request?
Include only special characters
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
We must allow only @ # $ special characters on password.
If a user type ANY other special characters ! % & * etc, the password must be rejected even if there is one of the allowed characters.
If the password has one of @ # $ ACCEPTS;
If the password has one of @ # $ PLUS * REJECTS;
If the password has one of @ # $ PLUS ! REJECTS;
etc
If the password doesnât have one of @ # $ REJECTS;
It is impossible to use NOT CONTAIN and include ALL characters that are not @ # $
How do you currently solve the challenges you have by not having this feature?
I would also like to see this feature added. Having an option to âwhitelistâ ONLY specific characters in any of the character sets, not just ârequiredâ characters, would solve some challenges we have as well.
Hi @gabrielfolgado and @kenneth.williams. Thanks for taking the time to post your request. PPE can already do this, but the configuration is not intuitive. The configuration looks like this:
Specifying ânot containâ for high characters will reject all characters above ANSI 126. This will unfortunately also reject many characters from some languages, so it may not be a suitable solution in all cases.
Finally, the custom character set is configured to reject all other special characters up to ANSI 126:
When combined, these rules will require an @, # or $ character, but will reject passwords containing any other special characters. Your requirement is a little more complicated though because you want to limit it to a single instance of these three characters. This is possible, but the value you need to set is not currently exposed in the UI. As it is an undocumented feature, it would be best if you open a ticket to get the details. Please ask for instructions on how to set 240MAXCOUNT to 1 for a policy and refer to this post.
Here are some examples of this configuration being tested after setting 240MAXCOUNT to 1.
But I need to include all other characters that are not @ # $ to the field NOT CONTAIN. That is what I said in the topic:
âIt is impossible to use NOT CONTAIN and include ALL characters that are not @ # $â
I was on Zoom yesterday with Tiffany and she suggested me to create the idea to enhance the product.
Specifying ânot containâ for high characters automatically blocks everything above ANSI 126. The âbanned specialâ / custom character set that I defined blocks all the other special characters up to ANSI 126 that are likely to be typed on a US keyboard: !"%&'()*+,-./:;<=>?[\]^_`{|}~
I see what youâre saying, but I think the main request is still valid in that it would sure be a lot simpler to add an option, like a checkbox for âExclude Otherâ in the Special character âcontainsâ requirement or a WhiteList entry for the ânot containsâ option, instead of using a convoluted method to accomplish it. I do appreciate the long way to get there, but a simpler UI method would be easier to administer. Thanks for the insight.
P.S. still waiting on PPE to be certified for Server 2025, btw
My reply wasnât intended to suggest that the request is without merit. I agree that it would be nice to have a simpler way to configure this, but code changes take time. Itâs also not something that I can promise as I am no longer involved in the day-to-day development of PPE. The proposed solution can be used right now. Itâs not intuitive, but it can be configured in a few minutes.
P.S. still waiting on PPE to be certified for Server 2025, btw
Ouch! I checked this for you, and compatibility with Server 2025 is being tested. Official support is planned for PPE 11.1. Unfortunately I donât have an ETA yet.