December 31, 1969
December 31, 1969


Disable nFront Password Filter on all domain controllers


If you experience a production problem and wish to disable the filter on all DCs you can do so via the nFront GPO (takes up to 15 minutes) or via script (takes less than 1 minute).  

Affected Products

Disable via Script:

The nFront Password Filter is disabled by one registry value.  Below are the values for the Single Policy Edition (SPE) and Multiple Policy Edition (MPE). 



HKLM\Software\Policies\Altus\PassfiltPro\bypassFilter, REG_DWORD (32-bit), value=1



HKLM\Software\Policies\Altus\PassfiltProMPE\bypassFilter, REG_DWORD (32-bit), value=1



To create a script to disable the software on a specific DC copy the following text into a file and save as "disableNPF.bat"


REG ADD \\%1\HKLM\Software\Policies\Altus\PassfiltProMPE /v bypassFilter /t REG_DWORD /d 1


**MPE version used in example, change to "PassfiltPro" for SPE version


You can then run the batch file from the command line and supply the name of the DC as the first parameter.  For example if you have a DC named XYZDC1 you would type:

disableNPF XYZDC1

Disable via GPO:

Open the GPO that is used to control the nFront software.  Navigate to Computer Configuration + Policies + Administrative Templates + Classic Administrative Templates (ADM) + nFront Password Filter - MPE.

Upgrading versions

Double click the General Configuration policy to edit it.  Check the box to "Bypass Password Filtering."  Within 15 minutes the registry setting will replicate among all domain controllers and the nFront system will be bypassed for all password changes. 

Upgrading versions