ManageEngine Unveils Granular Password Policy Enforcer for Active Directory, Cloud Applications

New Complexity Rules Help Organizations Improve Password Security, Ward Off Hackers

  • Allows multiple granular password policies in a single Active Directory domain
  • Protects against modern hacking methods
  • Centralizes password policy across on-premises Active Directory and cloud applications
  • Download a 30-day, free trial of ADSelfService Plus at

PLEASANTON, Calif. - March 8, 2017 - ManageEngine, the real-time IT management company, today announced the addition of the password policy enforcer in ADSelfService Plus, its integrated self-service password management and single sign-on solution. Available immediately, the new feature gives IT admins eight new advanced password policy rules to improve password security and ward off hackers. It also lets admins create multiple password policies for a single Active Directory domain and assign them to groups and organizational units (OUs) separately.

Click to this news.

The basic Windows password policy controls have not changed since Windows Server 2000. Meanwhile, hackers have found sophisticated methods to crack passwords and breach security at companies such as Sony, LinkedIn and Yahoo. Using a single group policy-based password policy for the entire domain burdens all users, regardless of their network privileges, with complex passwords that are difficult to remember or with weak passwords that are prone to attack. Even the fine-grained password policies introduced in Windows Server 2008 fail to provide additional security measures and cannot be applied to OUs in Active Directory.

"Compared to Windows native policies, the advanced password policies that admins can create in ADSelfService Plus are far more secure and can be enforced on groups and OUs, making it easy to strike a balance between security and usability," said Parthiban Paramasivam, director of product management for ADSelfService Plus at ManageEngine. "By enabling the password synchronization feature, both the on-premises Active Directory and the cloud applications can be safeguarded by a centralized password policy."

New Rules for Improved Password Security

The ADSelfService Plus password policy enforcer feature is designed to protect users against the most common attack methods, such as dictionary attacks, brute force attacks, pattern attacks and rainbow table attacks. Following are the highlights of the new feature:

Dictionary rule: Blocks passwords that contain entries from both language dictionaries and hacker dictionaries.

Keyboard patterns: Forbids the usage of common keyboard patterns such as QWERTY, 12345, ASDFGH, etc.

Repeating patterns: Bans passwords containing characters that are repeated consecutively, consecutive characters from username and old password, and palindromes.

Multiple complexity enhancements: Allows IT admins to enforce both lowercase and uppercase letters, specify the exact number of special characters and digits required, make Unicode characters mandatory, and more.

Implement policy on Ctrl + Alt + Del screen: Enforces ADSelfService password policies when users change their passwords through the Ctrl + Alt + Del screen and when admins reset users' passwords from within the Active Directory Users and Computers console.

Display password requirements to end users: Helps users create a compliant password by displaying the exact password policy requirements; shows password rules during self-password reset in the self-service portal and during password change on the Ctrl + Alt + Del screen.

IT admins can also use ADSelfService Plus to govern user accounts in Windows Active Directory, Office 365, Google Apps, Salesforce and other cloud applications with a single password policy. Now, when users log on to cloud applications, they are free to choose a weaker password because the password policy controls in Active Directory do not automatically apply. With the password synchronization feature in ADSelfService Plus, IT admins can bring various cloud applications under the purview of the granular password policy they have enabled for Active Directory domains. ADSelfService Plus can notify users of password expiration well in advance and ensure passwords are updated in a timely manner.

Pricing and availability

ADSelfService Plus pricing starts at $595 per year for 500 users. A fully functional, 30-day trial version is available at

About ADSelfService Plus

ADSelfService Plus is an integrated Active Directory self-service password management and single sign-on solution. It offers password self-service, password expiration reminders, a self-service directory updater, a multi-platform password synchronizer, and single sign-on for cloud applications. Use the ADSelfService Plus Android and iPhone mobile apps to facilitate self-service for end users anywhere at any time. ADSelfService Plus supports the IT help desk by reducing password reset tickets and spares end users the frustration caused by computer downtime. For more information, please visit

About ManageEngine

ManageEngine delivers the real-time IT management tools that empower IT teams to meet organizational needs for real-time services and support. Worldwide, established and emerging enterprises - including more than 60 percent of the Fortune 500 - rely on ManageEngine products to ensure the optimal performance of their critical IT infrastructure, including networks, servers, applications, desktops and more. ManageEngine is a division of Zoho Corporation with offices worldwide, including the United States, India, Singapore, Japan and China. For more information, please visit; follow the company blog at, on Facebook at and on Twitter @ManageEngine.

Media Contact:

Ahana Govinda
Follow us on Twitter: @manageengine