Disabling the default Windows password filter

Normally when a custom password filter is installed, it replaces the Windows password filter or even the entire logon process. When a log on is attempted, Windows looks at all valid password filters, so preventing the use of its own is important if you want to rely on yours entirely . I'm going to assume you have already written your own, though you can find an example script here. Microsoft also reveals its own passfilt.dll and instructions on how to write and use your own filter.

Download this free guide

72-Page PDF: Windows 10 Frequently Asked Questions

In this comprehensive guide, our experts answer the most frequently asked Windows 10 questions ranging from the OS itself, to migration, to user-adoption, and everything in between.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Now, to prevent Windows from using passfilt.dll simply requires setting the password policy to NOT require complexity. This setting is at "Windows Settings/Security Settings/Password Policy/Password must meet complexity requirements." Simply change it to disabled if it is enabled. If your password filter is also checking for password size, history and other Windows password settings, you can set them to null here as well. I wouldn't, however, change the "Store passwords using reversible encryption" setting. It's disabled by default for a reason. It allows storing passwords in an easily recoverable form. This is required by some classic non-Windows clients, and that's why its available. It is generally used as a user account variable and not as a system wide variable and only if necessary.