From: Johann Meier on
Hello,

our company has developed a setup assistant for our products (it starts
the Setup file of the Client Software, installs and configures a
SQL-Express Database Server instance for our product and attaches the
Database of our product to the sql-server instance).

All parameters (such as SQL-Server instance name or the name of the
Database) are currently completely validated inside the Setup assistant
to prevent a crash of the SQL-Server setup while running with the /QS
parameter (shows progress UI but prevents user interaction).

Today we noticed that the MS-SQL Server Setup fails when the password
passed by the command line does not match the password policy of the
domain controller.

I see two possible ways to solve this problem:
1. There is a way to disable the password check against the security
policy (local/domain) by command line (I have found posts from other
people with the same problem, but in none of the threads was anyone
able to provide a solution for this problem)

2. We integrate the same security check of the password against the
security policy of the system/domain into the validation mechanisms of
our setup assistant to prevent the user from typing in an invalid
password. I already googled about this topic and have found the
following page:

http://social.msdn.microsoft.com/forums/en-US/sqlsecurity/thread/a378359c-388d-4dbb-919f-73ec10025f56/

It looks like the SQL-Server uses the API Procedure
"NetValidatePasswordPolicy" to validate passwords against the domain
policy. The documentation of the Procedure was not very helpful for me.
For example the procedure has three modes of operation
(NetValidateAuthentication, NetValidatePasswordChange,
NetValidatePasswordReset) and I have no idea which mode I have to use
for performing the same password check as the SQL-Server Setup is doing
it. And even when I knew it, I have no idea how to construct the
convoluted data structures the procedure is expecting as input parameter.

I would be very thankful for any ideas how to get this to work.


Greetings from Germany,

Johann
From: Bastian Krauß on
Hi,

> It looks like the SQL-Server uses the API Procedure
> "NetValidatePasswordPolicy" to validate passwords against the domain
> policy. The documentation of the Procedure was not very helpful for me.
> For example the procedure has three modes of operation
> (NetValidateAuthentication, NetValidatePasswordChange,
> NetValidatePasswordReset) and I have no idea which mode I have to use
> for performing the same password check as the SQL-Server Setup is doing
> it. And even when I knew it, I have no idea how to construct the
> convoluted data structures the procedure is expecting as input parameter.

Our company had a similar problem. We solved it with an unmanaged C++
wrapper.

1. Create a new "Visual C++ > CLR > Class library" project in your
Visual Studio 2008.
2. Rename the class that was included in the template to
"PasswordValidator" (rename the .h and the .cpp file)
3. Paste the following code into the .h file:
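// PasswordValidator.h

#pragma once

using namespace System;

namespace isadpvl
{
    public ref class PasswordValidator
    {
    public:
        // Returns the NERR_* validation status for the password (0 = NERR_Success),
        // or the API error code if NetValidatePasswordPolicy itself fails.
        int ValidatePassword(System::String ^paramPassword)
        {
            // pin the managed string so native code can read its characters
            pin_ptr<const wchar_t> wchDomain = PtrToStringChars(paramPassword);

            size_t convertedCharsPassword = 0;
            size_t sizeInBytesPassword = ((paramPassword->Length + 1) * 2);
            errno_t errPassword = 0;
            char *chPassword = (char *)malloc(sizeInBytesPassword);
            if (chPassword == NULL)
                throw gcnew OutOfMemoryException();

            errPassword = wcstombs_s(&convertedCharsPassword,
                chPassword, sizeInBytesPassword,
                wchDomain, sizeInBytesPassword);

            if (errPassword != 0)
            {
                // wipe and release the partial copy before reporting the error
                SecureZeroMemory(chPassword, sizeInBytesPassword);
                free(chPassword);
                throw gcnew Exception("Passwort konnte nicht konvertiert werden");
            }

            // first, find out the required buffer size, in wide characters
            int nPasswordSize = MultiByteToWideChar(CP_ACP, 0, chPassword, -1,
                NULL, 0);

            LPWSTR wPassword = new WCHAR[nPasswordSize];

            // call again to make the conversion
            MultiByteToWideChar(CP_ACP, 0, chPassword, -1, wPassword, nPasswordSize);

            // the narrow copy is no longer needed: wipe it and free it
            // (the original never released this buffer)
            SecureZeroMemory(chPassword, sizeInBytesPassword);
            free(chPassword);

            NET_API_STATUS stat;
            NET_VALIDATE_PASSWORD_CHANGE_INPUT_ARG InputArg = {0};
            NET_VALIDATE_OUTPUT_ARG* pOutputArg = NULL;
            wchar_t* wzServer = 0; // NULL = run the check on the local computer
            InputArg.ClearPassword = wPassword;
            InputArg.PasswordMatch = TRUE;
            stat = NetValidatePasswordPolicy(wzServer, NULL,
                NetValidatePasswordChange, &InputArg, (void**)&pOutputArg);

            // pOutputArg is only valid when the call itself succeeded;
            // otherwise hand the API error code back to the caller
            NET_API_STATUS intStatus = stat;
            if (stat == NERR_Success && pOutputArg != NULL)
                intStatus = pOutputArg->ValidationStatus;

            if (pOutputArg != NULL)
                NetValidatePasswordPolicyFree((void**)&pOutputArg);

            // wipe the clear-text password before releasing the buffer
            SecureZeroMemory(wPassword, nPasswordSize * sizeof(WCHAR));
            delete []wPassword;

            return intStatus;
        }
    };
}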

4. Paste the following code into the .cpp file:
#include "stdafx.h"

#include <windows.h>

#include <lm.h>

#include <stdio.h>
#include <stdlib.h>
#include <vcclr.h>

#pragma comment(lib, "Netapi32.lib")

#include "PasswordValidator.h"

6. Compile the code for 32 and 64 bit in release mode and copy the two
dlls to the directory of your binary (in our case isadpvl32.dll and
isadpvl64.dll)

5. Create in your VB.NET project a new class with the name
Win2k3AndHigherPasswordValidator and insert the following code.
Imports System.IO
Imports System.Reflection

Namespace PasswordValidators
Public Class Win2k3AndHigherPasswordValidator
Private prvInnerValidator As Object

#Region "Result Enum"
Private Enum enmResult
NERR_Success = 0
' <summary> 2100 - The base code for network errors. </summary>
NERR_Base = 2100
' <summary> 2102 - The workstation driver is not installed. </summary>
NERR_NetNotStarted = 2102
' <summary> 2103 - The server could not be located. </summary>
NERR_UnknownServer = 2103
' <summary> 2104 - An internal error occurred. The network cannot access a shared memory segment. </summary>
NERR_ShareMem = 2104
' <summary> 2105 - A network resource shortage occurred. </summary>
NERR_NoNetworkResource = 2105
' <summary> 2106 - This operation is not supported on workstations. </summary>
NERR_RemoteOnly = 2106
' <summary> 2107 - The device is not connected. </summary>
NERR_DevNotRedirected = 2107
' <summary> 2114 - The Server service is not started. </summary>
NERR_ServerNotStarted = 2114
' <summary> 2115 - The queue is empty. </summary>
NERR_ItemNotFound = 2115
' <summary> 2116 - The device or directory does not exist. </summary>
NERR_UnknownDevDir = 2116
' <summary> 2117 - The operation is invalid on a redirected resource. </summary>
NERR_RedirectedPath = 2117
' <summary> 2118 - The name has already been shared. </summary>
NERR_DuplicateShare = 2118
' <summary> 2119 - The server is currently out of the requested resource. </summary>
NERR_NoRoom = 2119
' <summary> 2121 - Requested addition of items exceeds the maximum allowed. </summary>
NERR_TooManyItems = 2121
' <summary> 2122 - The Peer service supports only two simultaneous users. </summary>
NERR_InvalidMaxUsers = 2122
' <summary> 2123 - The API return buffer is too small. </summary>
NERR_BufTooSmall = 2123
' <summary> 2127 - A remote API error occurred. </summary>
NERR_RemoteErr = 2127
' <summary> 2131 - An error occurred when opening or reading the configuration file. </summary>
NERR_LanmanIniError = 2131
' <summary> 2136 - A general network error occurred. </summary>
NERR_NetworkError = 2136
' <summary> 2137 - The Workstation service is in an inconsistent state. Restart the computer before restarting the Workstation service. </summary>
NERR_WkstaInconsistentState = 2137
' <summary> 2138 - The Workstation service has not been started. </summary>
NERR_WkstaNotStarted = 2138
' <summary> 2139 - The requested information is not available. </summary>
NERR_BrowserNotStarted = 2139
' <summary> 2140 - An internal error occurred. </summary>
NERR_InternalError = 2140
' <summary> 2141 - The server is not configured for transactions. </summary>
NERR_BadTransactConfig = 2141
' <summary> 2142 - The requested API is not supported on the remote server. </summary>
NERR_InvalidAPI = 2142
' <summary> 2143 - The event name is invalid. </summary>
NERR_BadEventName = 2143
' <summary> 2144 - The computer name already exists on the network. Change it and restart the computer. </summary>
NERR_DupNameReboot = 2144
' <summary> 2146 - The specified component could not be found in the configuration information. </summary>
NERR_CfgCompNotFound = 2146
' <summary> 2147 - The specified parameter could not be found in the configuration information. </summary>
NERR_CfgParamNotFound = 2147
' <summary> 2149 - A line in the configuration file is too long. </summary>
NERR_LineTooLong = 2149
' <summary> 2150 - The printer does not exist. </summary>
NERR_QNotFound = 2150
' <summary> 2151 - The print job does not exist. </summary>
NERR_JobNotFound = 2151
' <summary> 2152 - The printer destination cannot be found. </summary>
NERR_DestNotFound = 2152
' <summary> 2153 - The printer destination already exists. </summary>
NERR_DestExists = 2153
' <summary> 2154 - The printer queue already exists. </summary>
NERR_QExists = 2154
' <summary> 2155 - No more printers can be added. </summary>
NERR_QNoRoom = 2155
' <summary> 2156 - No more print jobs can be added. </summary>
NERR_JobNoRoom = 2156
' <summary> 2157 - No more printer destinations can be added. </summary>
NERR_DestNoRoom = 2157
' <summary> 2158 - This printer destination is idle and cannot accept control operations. </summary>
NERR_DestIdle = 2158
' <summary> 2159 - This printer destination request contains an invalid control function. </summary>
NERR_DestInvalidOp = 2159
' <summary> 2160 - The print processor is not responding. </summary>
NERR_ProcNoRespond = 2160
' <summary> 2161 - The spooler is not running. </summary>
NERR_SpoolerNotLoaded = 2161
' <summary> 2162 - This operation cannot be performed on the print destination in its current state. </summary>
NERR_DestInvalidState = 2162
' <summary> 2163 - This operation cannot be performed on the printer queue in its current state. </summary>
NERR_QinvalidState = 2163
' <summary> 2164 - This operation cannot be performed on the print job in its current state. </summary>
NERR_JobInvalidState = 2164
' <summary> 2165 - A spooler memory allocation failure occurred. </summary>
NERR_SpoolNoMemory = 2165
' <summary> 2166 - The device driver does not exist. </summary>
NERR_DriverNotFound = 2166
' <summary> 2167 - The data type is not supported by the print processor. </summary>
NERR_DataTypeInvalid = 2167
' <summary> 2168 - The print processor is not installed. </summary>
NERR_ProcNotFound = 2168
' <summary> 2180 - The service database is locked. </summary>
NERR_ServiceTableLocked = 2180
' <summary> 2181 - The service table is full. </summary>
NERR_ServiceTableFull = 2181
' <summary> 2182 - The requested service has already been started. </summary>
NERR_ServiceInstalled = 2182
' <summary> 2183 - The service does not respond to control actions. </summary>
NERR_ServiceEntryLocked = 2183
' <summary> 2184 - The service has not been started. </summary>
NERR_ServiceNotInstalled = 2184
' <summary> 2185 - The service name is invalid. </summary>
NERR_BadServiceName = 2185
' <summary> 2186 - The service is not responding to the control function. </summary>
NERR_ServiceCtlTimeout = 2186
' <summary> 2187 - The service control is busy. </summary>
NERR_ServiceCtlBusy = 2187
' <summary> 2188 - The configuration file contains an invalid service program name. </summary>
NERR_BadServiceProgName = 2188
' <summary> 2189 - The service could not be controlled in its present state. </summary>
NERR_ServiceNotCtrl = 2189
' <summary> 2190 - The service ended abnormally. </summary>
NERR_ServiceKillProc = 2190
' <summary> 2191 - The requested pause or stop is not valid for this service. </summary>
NERR_ServiceCtlNotValid = 2191
' <summary> 2192 - The service control dispatcher could not find the service name in the dispatch table. </summary>
NERR_NotInDispatchTbl = 2192
' <summary> 2193 - The service control dispatcher pipe read failed. </summary>
NERR_BadControlRecv = 2193
' <summary> 2194 - A thread for the new service could not be created. </summary>
NERR_ServiceNotStarting = 2194
' <summary> 2200 - This workstation is already logged on to the local-area network. </summary>
NERR_AlreadyLoggedOn = 2200
' <summary> 2201 - The workstation is not logged on to the local-area network. </summary>
NERR_NotLoggedOn = 2201
' <summary> 2202 - The user name or group name parameter is invalid. </summary>
NERR_BadUsername = 2202
' <summary> 2203 - The password parameter is invalid. </summary>
NERR_BadPassword = 2203
' <summary> 2204 - @W The logon processor did not add the message alias. </summary>
NERR_UnableToAddName_W = 2204
' <summary> 2205 - The logon processor did not add the message alias. </summary>
NERR_UnableToAddName_F = 2205
' <summary> 2206 - @W The logoff processor did not delete the message alias. </summary>
NERR_UnableToDelName_W = 2206
' <summary> 2207 - The logoff processor did not delete the message alias. </summary>
NERR_UnableToDelName_F = 2207
' <summary> 2209 - Network logons are paused. </summary>
NERR_LogonsPaused = 2209
' <summary> 2210 - A centralized logon-server conflict occurred. </summary>
NERR_LogonServerConflict = 2210
' <summary> 2211 - The server is configured without a valid user path. </summary>
NERR_LogonNoUserPath = 2211
' <summary> 2212 - An error occurred while loading or running the logon script. </summary>
NERR_LogonScriptError = 2212
' <summary> 2214 - The logon server was not specified. Your computer will be logged on as STANDALONE. </summary>
NERR_StandaloneLogon = 2214
' <summary> 2215 - The logon server could not be found. </summary>
NERR_LogonServerNotFound = 2215
' <summary> 2216 - There is already a logon domain for this computer. </summary>
NERR_LogonDomainExists = 2216
' <summary> 2217 - The logon server could not validate the logon. </summary>
NERR_NonValidatedLogon = 2217
' <summary> 2219 - The security database could not be found. </summary>
NERR_ACFNotFound = 2219
' <summary> 2220 - The group name could not be found. </summary>
NERR_GroupNotFound = 2220
' <summary> 2221 - The user name could not be found. </summary>
NERR_UserNotFound = 2221
' <summary> 2222 - The resource name could not be found. </summary>
NERR_ResourceNotFound = 2222
' <summary> 2223 - The group already exists. </summary>
NERR_GroupExists = 2223
' <summary> 2224 - The user account already exists. </summary>
NERR_UserExists = 2224
' <summary> 2225 - The resource permission list already exists. </summary>
NERR_ResourceExists = 2225
' <summary> 2226 - This operation is only allowed on the primary domain controller of the domain. </summary>
NERR_NotPrimary = 2226
' <summary> 2227 - The security database has not been started. </summary>
NERR_ACFNotLoaded = 2227
' <summary> 2228 - There are too many names in the user accounts database. </summary>
NERR_ACFNoRoom = 2228
' <summary> 2229 - A disk I/O failure occurred. </summary>
NERR_ACFFileIOFail = 2229
' <summary> 2230 - The limit of 64 entries per resource was exceeded. </summary>
NERR_ACFTooManyLists = 2230
' <summary> 2231 - Deleting a user with a session is not allowed. </summary>
NERR_UserLogon = 2231
' <summary> 2232 - The parent directory could not be located. </summary>
NERR_ACFNoParent = 2232
' <summary> 2233 - Unable to add to the security database session cache segment. </summary>
NERR_CanNotGrowSegment = 2233
' <summary> 2234 - This operation is not allowed on this special group. </summary>
NERR_SpeGroupOp = 2234
' <summary> 2235 - This user is not cached in user accounts database session cache. </summary>
NERR_NotInCache = 2235
' <summary> 2236 - The user already belongs to this group. </summary>
NERR_UserInGroup = 2236
' <summary> 2237 - The user does not belong to this group. </summary>
NERR_UserNotInGroup = 2237
' <summary> 2238 - This user account is undefined. </summary>
NERR_AccountUndefined = 2238
' <summary> 2239 - This user account has expired. </summary>
NERR_AccountExpired = 2239
' <summary> 2240 - The user is not allowed to log on from this workstation. </summary>
NERR_InvalidWorkstation = 2240
' <summary> 2241 - The user is not allowed to log on at this time. </summary>
NERR_InvalidLogonHours = 2241
' <summary> 2242 - The password of this user has expired. </summary>
NERR_PasswordExpired = 2242
' <summary> 2243 - The password of this user cannot change. </summary>
NERR_PasswordCantChange = 2243
' <summary> 2244 - This password cannot be used now. </summary>
NERR_PasswordHistConflict = 2244
' <summary> 2245 - The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements. </summary>
NERR_PasswordTooShort = 2245
' <summary> 2246 - The password of this user is too recent to change. </summary>
NERR_PasswordTooRecent = 2246
' <summary> 2247 - The security database is corrupted. </summary>
NERR_InvalidDatabase = 2247
' <summary> 2248 - No updates are necessary to this replicant network/local security database. </summary>
NERR_DatabaseUpToDate = 2248
' <summary> 2249 - This replicant database is outdated synchronization is required. </summary>
NERR_SyncRequired = 2249
' <summary> 2250 - The network connection could not be found. </summary>
NERR_UseNotFound = 2250
' <summary> 2251 - This asg_type is invalid. </summary>
NERR_BadAsgType = 2251
' <summary> 2252 - This device is currently being shared. </summary>
NERR_DeviceIsShared = 2252
' <summary> 2270 - The computer name could not be added as a message alias. The name may already exist on the network. </summary>
NERR_NoComputerName = 2270
' <summary> 2271 - The Messenger service is already started. </summary>
NERR_MsgAlreadyStarted = 2271
' <summary> 2272 - The Messenger service failed to start. </summary>
NERR_MsgInitFailed = 2272
' <summary> 2273 - The message alias could not be found on the network. </summary>
NERR_NameNotFound = 2273
' <summary> 2274 - This message alias has already been forwarded. </summary>
NERR_AlreadyForwarded = 2274
' <summary> 2275 - This message alias has been added but is still forwarded. </summary>
NERR_AddForwarded = 2275
' <summary> 2276 - This message alias already exists locally. </summary>
NERR_AlreadyExists = 2276
' <summary> 2277 - The maximum number of added message aliases has been exceeded. </summary>
NERR_TooManyNames = 2277
' <summary> 2278 - The computer name could not be deleted. </summary>
NERR_DelComputerName = 2278
' <summary> 2279 - Messages cannot be forwarded back to the same workstation. </summary>
NERR_LocalForward = 2279
' <summary> 2280 - An error occurred in the domain message processor. </summary>
NERR_GrpMsgProcessor = 2280
' <summary> 2281 - The message was sent, but the recipient has paused the Messenger service. </summary>
NERR_PausedRemote = 2281
' <summary> 2282 - The message was sent but not received. </summary>
NERR_BadReceive = 2282
' <summary> 2283 - The message alias is currently in use. Try again later. </summary>
NERR_NameInUse = 2283
' <summary> 2284 - The Messenger service has not been started. </summary>
NERR_MsgNotStarted = 2284
' <summary> 2285 - The name is not on the local computer. </summary>
NERR_NotLocalName = 2285
' <summary> 2286 - The forwarded message alias could not be found on the network. </summary>
NERR_NoForwardName = 2286
' <summary> 2287 - The message alias table on the remote station is full. </summary>
NERR_RemoteFull = 2287
' <summary> 2288 - Messages for this alias are not currently being forwarded. </summary>
NERR_NameNotForwarded = 2288
' <summary> 2289 - The broadcast message was truncated. </summary>
NERR_TruncatedBroadcast = 2289
' <summary> 2294 - This is an invalid device name. </summary>
NERR_InvalidDevice = 2294
' <summary> 2295 - A write fault occurred. </summary>
NERR_WriteFault = 2295
' <summary> 2297 - A duplicate message alias exists on the network. </summary>
NERR_DuplicateName = 2297
' <summary> 2298 - @W This message alias will be deleted later. </summary>
NERR_DeleteLater = 2298
' <summary> 2299 - The message alias was not successfully deleted from all networks. </summary>
NERR_IncompleteDel = 2299
' <summary> 2300 - This operation is not supported on computers with multiple networks. </summary>
NERR_MultipleNets = 2300
' <summary> 2310 - This shared resource does not exist. </summary>
NERR_NetNameNotFound = 2310
' <summary> 2311 - This device is not shared. </summary>
NERR_DeviceNotShared = 2311
' <summary> 2312 - A session does not exist with that computer name. </summary>
NERR_ClientNameNotFound = 2312
' <summary> 2314 - There is not an open file with that identification number. </summary>
NERR_FileIdNotFound = 2314
' <summary> 2315 - A failure occurred when executing a remote administration command. </summary>
NERR_ExecFailure = 2315
' <summary> 2316 - A failure occurred when opening a remote temporary file. </summary>
NERR_TmpFile = 2316
' <summary> 2317 - The data returned from a remote administration command has been truncated to 64K. </summary>
NERR_TooMuchData = 2317
' <summary> 2318 - This device cannot be shared as both a spooled and a non-spooled resource. </summary>
NERR_DeviceShareConflict = 2318
' <summary> 2319 - The information in the list of servers may be incorrect. </summary>
NERR_BrowserTableIncomplete = 2319
' <summary> 2320 - The computer is not active in this domain. </summary>
NERR_NotLocalDomain = 2320
' <summary> 2321 - The share must be removed from the Distributed File System before it can be deleted. </summary>
NERR_IsDfsShare = 2321
' <summary> 2331 - The operation is invalid for this device. </summary>
NERR_DevInvalidOpCode = 2331
' <summary> 2332 - This device cannot be shared. </summary>
NERR_DevNotFound = 2332
' <summary> 2333 - This device was not open. </summary>
NERR_DevNotOpen = 2333
' <summary> 2334 - This device name list is invalid. </summary>
NERR_BadQueueDevString = 2334
' <summary> 2335 - The queue priority is invalid. </summary>
NERR_BadQueuePriority = 2335
' <summary> 2337 - There are no shared communication devices. </summary>
NERR_NoCommDevs = 2337
' <summary> 2338 - The queue you specified does not exist. </summary>
NERR_QueueNotFound = 2338
' <summary> 2340 - This list of devices is invalid. </summary>
NERR_BadDevString = 2340
' <summary> 2341 - The requested device is invalid. </summary>
NERR_BadDev = 2341
' <summary> 2342 - This device is already in use by the spooler. </summary>
NERR_InUseBySpooler = 2342
' <summary> 2343 - This device is already in use as a communication device. </summary>
NERR_CommDevInUse = 2343
' <summary> 2351 - This computer name is invalid. </summary>
NERR_InvalidComputer = 2351
' <summary> 2354 - The string and prefix specified are too long. </summary>
NERR_MaxLenExceeded = 2354
' <summary> 2356 - This path component is invalid. </summary>
NERR_BadComponent = 2356
' <summary> 2357 - Could not determine the type of input. </summary>
NERR_CantType = 2357
' <summary> 2362 - The buffer for types is not big enough. </summary>
NERR_TooManyEntries = 2362
' <summary> 2370 - Profile files cannot exceed 64K. </summary>
NERR_ProfileFileTooBig = 2370
' <summary> 2371 - The start offset is out of range. </summary>
NERR_ProfileOffset = 2371
' <summary> 2372 - The system cannot delete current connections to network resources. </summary>
NERR_ProfileCleanup = 2372
' <summary> 2373 - The system was unable to parse the command line in this file. </summary>
NERR_ProfileUnknownCmd = 2373
' <summary> 2374 - An error occurred while loading the profile file. </summary>
NERR_ProfileLoadErr = 2374
' <summary> 2375 - @W Errors occurred while saving the profile file. The profile was partially saved. </summary>
NERR_ProfileSaveErr = 2375
' <summary> 2377 - Log file %1 is full. </summary>
NERR_LogOverflow = 2377
' <summary> 2378 - This log file has changed between reads. </summary>
NERR_LogFileChanged = 2378
' <summary> 2379 - Log file %1 is corrupt. </summary>
NERR_LogFileCorrupt = 2379
' <summary> 2380 - The source path cannot be a directory. </summary>
NERR_SourceIsDir = 2380
' <summary> 2381 - The source path is illegal. </summary>
NERR_BadSource = 2381
' <summary> 2382 - The destination path is illegal. </summary>
NERR_BadDest = 2382
' <summary> 2383 - The source and destination paths are on different servers. </summary>
NERR_DifferentServers = 2383
' <summary> 2385 - The Run server you requested is paused. </summary>
NERR_RunSrvPaused = 2385
' <summary> 2389 - An error occurred when communicating with a Run server. </summary>
NERR_ErrCommRunSrv = 2389
' <summary> 2391 - An error occurred when starting a background process. </summary>
NERR_ErrorExecingGhost = 2391
' <summary> 2392 - The shared resource you are connected to could not be found. </summary>
NERR_ShareNotFound = 2392
' <summary> 2400 - The LAN adapter number is invalid. </summary>
NERR_InvalidLana = 2400
' <summary> 2401 - There are open files on the connection. </summary>
NERR_OpenFiles = 2401
' <summary> 2402 - Active connections still exist. </summary>
NERR_ActiveConns = 2402
' <summary> 2403 - This share name or password is invalid. </summary>
NERR_BadPasswordCore = 2403
' <summary> 2404 - The device is being accessed by an active process. </summary>
NERR_DevInUse = 2404
' <summary> 2405 - The drive letter is in use locally. </summary>
NERR_LocalDrive = 2405
' <summary> 2430 - The specified client is already registered for the specified event. </summary>
NERR_AlertExists = 2430
' <summary> 2431 - The alert table is full. </summary>
NERR_TooManyAlerts = 2431
' <summary> 2432 - An invalid or nonexistent alert name was raised. </summary>
NERR_NoSuchAlert = 2432
' <summary> 2433 - The alert recipient is invalid. </summary>
NERR_BadRecipient = 2433
' <summary> 2434 - A user's session with this server has been deleted </summary>
NERR_AcctLimitExceeded = 2434
' <summary> 2440 - The log file does not contain the requested record number. </summary>
NERR_InvalidLogSeek = 2440
' <summary> 2450 - The user accounts database is not configured correctly. </summary>
NERR_BadUasConfig = 2450
' <summary> 2451 - This operation is not permitted when the Netlogon service is running. </summary>
NERR_InvalidUASOp = 2451
' <summary> 2452 - This operation is not allowed on the last administrative account. </summary>
NERR_LastAdmin = 2452
' <summary> 2453 - Could not find domain controller for this domain. </summary>
NERR_DCNotFound = 2453
' <summary> 2454 - Could not set logon information for this user. </summary>
NERR_LogonTrackingError = 2454
' <summary> 2455 - The Netlogon service has not been started. </summary>
NERR_NetlogonNotStarted = 2455
' <summary> 2456 - Unable to add to the user accounts database. </summary>
NERR_CanNotGrowUASFile = 2456
' <summary> 2457 - This server's clock is not synchronized with the primary domain controller's clock. </summary>
NERR_TimeDiffAtDC = 2457
' <summary> 2458 - A password mismatch has been detected. </summary>
NERR_PasswordMismatch = 2458
' <summary> 2460 - The server identification does not specify a valid server. </summary>
NERR_NoSuchServer = 2460
' <summary> 2461 - The session identification does not specify a valid session. </summary>
NERR_NoSuchSession = 2461
' <summary> 2462 - The connection identification does not specify a valid connection. </summary>
NERR_NoSuchConnection = 2462
' <summary> 2463 - There is no space for another entry in the table of available servers. </summary>
NERR_TooManyServers = 2463
' <summary> 2464 - The server has reached the maximum number of sessions it supports. </summary>
NERR_TooManySessions = 2464
' <summary> 2465 - The server has reached the maximum number of connections it supports. </summary>
NERR_TooManyConnections = 2465
' <summary> 2466 - The server cannot open more files because it has reached its maximum number. </summary>
NERR_TooManyFiles = 2466
' <summary> 2467 - There are no alternate servers registered on this server. </summary>
NERR_NoAlternateServers = 2467
' <summary> 2470 - Try down-level (remote admin protocol) version of API instead. </summary>
NERR_TryDownLevel = 2470
' <summary> 2480 - The UPS driver could not be accessed by the UPS service. </summary>
NERR_UPSDriverNotStarted = 2480
' <summary> 2481 - The UPS service is not configured correctly. </summary>
NERR_UPSInvalidConfig = 2481
' <summary> 2482 - The UPS service could not access the specified Comm Port. </summary>
NERR_UPSInvalidCommPort = 2482
' <summary> 2483 - The UPS indicated a line fail or low battery situation. Service not started. </summary>
NERR_UPSSignalAsserted = 2483
' <summary> 2484 - The UPS service failed to perform a system shut down. </summary>
NERR_UPSShutdownFailed = 2484
' <summary> 2500 - The program below returned an MS-DOS error code: </summary>
NERR_BadDosRetCode = 2500
' <summary> 2501 - The program below needs more memory: </summary>
NERR_ProgNeedsExtraMem = 2501
' <summary> 2502 - The program below called an unsupported MS-DOS function: </summary>
NERR_BadDosFunction = 2502
' <summary> 2503 - The workstation failed to boot. </summary>
NERR_RemoteBootFailed = 2503
' <summary> 2504 - The file below is corrupt. </summary>
NERR_BadFileCheckSum = 2504
' <summary> 2505 - No loader is specified in the boot-block definition file. </summary>
NERR_NoRplBootSystem = 2505
' <summary> 2506 - NetBIOS returned an error: The NCB and SMB are dumped above. </summary>
NERR_RplLoadrNetBiosErr = 2506
' <summary> 2507 - A disk I/O error occurred. </summary>
NERR_RplLoadrDiskErr = 2507
' <summary> 2508 - Image parameter substitution failed. </summary>
NERR_ImageParamErr = 2508
' <summary> 2509 - Too many image parameters cross disk sector boundaries. </summary>
NERR_TooManyImageParams = 2509
' <summary> 2510 - The image was not generated from an MS-DOS diskette formatted with /S. </summary>
NERR_NonDosFloppyUsed = 2510
' <summary> 2511 - Remote boot will be restarted later. </summary>
NERR_RplBootRestart = 2511
' <summary> 2512 - The call to the Remoteboot server failed. </summary>
NERR_RplSrvrCallFailed = 2512
' <summary> 2513 - Cannot connect to the Remoteboot server. </summary>
NERR_CantConnectRplSrvr = 2513
' <summary> 2514 - Cannot open image file on the Remoteboot server. </summary>
NERR_CantOpenImageFile = 2514
' <summary> 2515 - Connecting to the Remoteboot server... </summary>
NERR_CallingRplSrvr = 2515
' <summary> 2516 - Connecting to the Remoteboot server... </summary>
NERR_StartingRplBoot = 2516
' <summary> 2517 - Remote boot service was stopped check the error log for the cause of the problem. </summary>
NERR_RplBootServiceTerm = 2517
' <summary> 2518 - Remote boot startup failed check the error log for the cause of the problem. </summary>
NERR_RplBootStartFailed = 2518
' <summary> 2519 - A second connection to a Remoteboot resource is not allowed. </summary>
NERR_RPL_CONNECTED = 2519
' <summary> 2550 - The browser service was configured with MaintainServerList=No. </summary>
NERR_BrowserConfiguredToNotRun = 2550
' <summary> 2610 - Service failed to start since none of the network adapters started with this service. </summary>
NERR_RplNoAdaptersStarted = 2610
' <summary> 2611 - Service failed to start due to bad startup information in the registry. </summary>
NERR_RplBadRegistry = 2611
' <summary> 2612 - Service failed to start because its database is absent or corrupt. </summary>
NERR_RplBadDatabase = 2612
' <summary> 2613 - Service failed to start because RPLFILES share is absent. </summary>
NERR_RplRplfilesShare = 2613
' <summary> 2614 - Service failed to start because RPLUSER group is absent. </summary>
NERR_RplNotRplServer = 2614
' <summary> 2615 - Cannot enumerate service records. </summary>
NERR_RplCannotEnum = 2615
' <summary> 2616 - Workstation record information has been corrupted. </summary>
NERR_RplWkstaInfoCorrupted = 2616
' <summary> 2617 - Workstation record was not found. </summary>
NERR_RplWkstaNotFound = 2617
' <summary> 2618 - Workstation name is in use by some other workstation. </summary>
NERR_RplWkstaNameUnavailable = 2618
' <summary> 2619 - Profile record information has been corrupted. </summary>
NERR_RplProfileInfoCorrupted = 2619
' <summary> 2620 - Profile record was not found. </summary>
NERR_RplProfileNotFound = 2620
' <summary> 2621 - Profile name is in use by some other profile. </summary>
NERR_RplProfileNameUnavailable = 2621
' <summary> 2622 - There are workstations using this profile. </summary>
NERR_RplProfileNotEmpty = 2622
' <summary> 2623 - Configuration record information has been corrupted. </summary>
NERR_RplConfigInfoCorrupted = 2623
' <summary> 2624 - Configuration record was not found. </summary>
NERR_RplConfigNotFound = 2624
' <summary> 2625 - Adapter ID record information has been corrupted. </summary>
NERR_RplAdapterInfoCorrupted = 2625
' <summary> 2626 - An internal service error has occurred. </summary>
NERR_RplInternal = 2626
' <summary> 2627 - Vendor ID record information has been corrupted. </summary>
NERR_RplVendorInfoCorrupted = 2627
' <summary> 2628 - Boot block record information has been corrupted. </summary>
NERR_RplBootInfoCorrupted = 2628
' <summary> 2629 - The user account for this workstation record is missing. </summary>
NERR_RplWkstaNeedsUserAcct = 2629
' <summary> 2630 - The RPLUSER local group could not be found. </summary>
NERR_RplNeedsRPLUSERAcct = 2630
' <summary> 2631 - Boot block record was not found. </summary>
NERR_RplBootNotFound = 2631
' <summary> 2632 - Chosen profile is incompatible with this workstation. </summary>
NERR_RplIncompatibleProfile = 2632
' <summary> 2633 - Chosen network adapter ID is in use by some other workstation. </summary>
NERR_RplAdapterNameUnavailable = 2633
' <summary> 2634 - There are profiles using this configuration. </summary>
NERR_RplConfigNotEmpty = 2634
' <summary> 2635 - There are workstations, profiles, or configurations using this boot block. </summary>
NERR_RplBootInUse = 2635
' <summary> 2636 - Service failed to backup Remoteboot database. </summary>
NERR_RplBackupDatabase = 2636
' <summary> 2637 - Adapter record was not found. </summary>
NERR_RplAdapterNotFound = 2637
' <summary> 2638 - Vendor record was not found. </summary>
NERR_RplVendorNotFound = 2638
' <summary> 2639 - Vendor name is in use by some other vendor record. </summary>
NERR_RplVendorNameUnavailable = 2639
' <summary> 2640 - (boot name, vendor ID) is in use by some
other boot block record. </summary>
NERR_RplBootNameUnavailable = 2640
' <summary> 2641 - Configuration name is in use by some
other configuration. </summary>
NERR_RplConfigNameUnavailable = 2641
' <summary> 2660 - The internal database maintained by the Dfs service is corrupt. </summary>
NERR_DfsInternalCorruption = 2660
' <summary> 2661 - One of the records in the internal Dfs database is corrupt. </summary>
NERR_DfsVolumeDataCorrupt = 2661
' <summary> 2662 - There is no DFS name whose entry path matches the input Entry Path. </summary>
NERR_DfsNoSuchVolume = 2662
' <summary> 2663 - A root or link with the given name already exists. </summary>
NERR_DfsVolumeAlreadyExists = 2663
' <summary> 2664 - The server share specified is already shared in the Dfs. </summary>
NERR_DfsAlreadyShared = 2664
' <summary> 2665 - The indicated server share does not support the indicated DFS namespace. </summary>
NERR_DfsNoSuchShare = 2665
' <summary> 2666 - The operation is not valid on this portion of the namespace. </summary>
NERR_DfsNotALeafVolume = 2666
' <summary> 2667 - The operation is not valid on this portion of the namespace. </summary>
NERR_DfsLeafVolume = 2667
' <summary> 2668 - The operation is ambiguous because the link has multiple servers. </summary>
NERR_DfsVolumeHasMultipleServers = 2668
' <summary> 2669 - Unable to create a link. </summary>
NERR_DfsCantCreateJunctionPoint = 2669
' <summary> 2670 - The server is not Dfs Aware. </summary>
NERR_DfsServerNotDfsAware = 2670
' <summary> 2671 - The specified rename target path is invalid. </summary>
NERR_DfsBadRenamePath = 2671
' <summary> 2672 - The specified DFS link is offline. </summary>
NERR_DfsVolumeIsOffline = 2672
' <summary> 2673 - The specified server is not a server for this link. </summary>
NERR_DfsNoSuchServer = 2673
' <summary> 2674 - A cycle in the Dfs name was detected. </summary>
NERR_DfsCyclicalName = 2674
' <summary> 2675 - The operation is not supported on a server-based Dfs. </summary>
NERR_DfsNotSupportedInServerDfs = 2675
' <summary> 2676 - This link is already supported by the specified server-share. </summary>
NERR_DfsDuplicateService = 2676
' <summary> 2677 - Can't remove the last server-share supporting this root or link. </summary>
NERR_DfsCantRemoveLastServerShare = 2677
' <summary> 2678 - The operation is not supported for an Inter-DFS link. </summary>
NERR_DfsVolumeIsInterDfs = 2678
' <summary> 2679 - The internal state of the Dfs Service has become inconsistent. </summary>
NERR_DfsInconsistent = 2679
' <summary> 2680 - The Dfs Service has been installed on the specified server. </summary>
NERR_DfsServerUpgraded = 2680
' <summary> 2681 - The Dfs data being reconciled is identical. </summary>
NERR_DfsDataIsIdentical = 2681
' <summary> 2682 - The DFS root cannot be deleted. Uninstall DFS if required. </summary>
NERR_DfsCantRemoveDfsRoot = 2682
' <summary> 2683 - A child or parent directory of the share is already in a Dfs. </summary>
NERR_DfsChildOrParentInDfs = 2683
' <summary> 2690 - Dfs internal error. </summary>
NERR_DfsInternalError = 2690
' <summary> 2691 - This machine is already joined to a domain. </summary>
NERR_SetupAlreadyJoined = 2691
' <summary> 2692 - This machine is not currently joined to a domain. </summary>
NERR_SetupNotJoined = 2692
' <summary> 2693 - This machine is a domain controller and cannot be unjoined from a domain. </summary>
NERR_SetupDomainController = 2693
' <summary> 2694 - The destination domain controller does not support creating machine accounts in OUs. </summary>
NERR_DefaultJoinRequired = 2694
' <summary> 2695 - The specified workgroup name is invalid. </summary>
NERR_InvalidWorkgroupName = 2695
' <summary> 2696 - The specified computer name is incompatible with the default language used on the domain controller. </summary>
NERR_NameUsesIncompatibleCodePage = 2696
' <summary> 2697 - The specified computer account could not be found. </summary>
NERR_ComputerAccountNotFound = 2697
' <summary> 2698 - This version of Windows cannot be joined to a domain. </summary>
NERR_PersonalSku = 2698
' <summary> 2701 - The password must change at the next logon. </summary>
NERR_PasswordMustChange = 2701
' <summary> 2702 - The account is locked out. </summary>
NERR_AccountLockedOut = 2702
' <summary> 2703 - The password is too long. </summary>
NERR_PasswordTooLong = 2703
' <summary> 2704 - The password does not meet the complexity policy. </summary>
NERR_PasswordNotComplexEnough = 2704
' <summary> 2705 - The password does not meet the requirements of the password filter DLLs. </summary>
NERR_PasswordFilterError = 2705
End Enum
#End Region

Public Sub New()
    ' Probe every isadpvl*.dll in the directory of this assembly and keep the
    ' first one that loads and exposes the type isadpvl.PasswordValidator.
    For Each curModule As String In Directory.GetFiles(ModuleSearchPath, "isadpvl*.dll")
        Try
            Dim objAssembly As Assembly = Assembly.LoadFile(curModule)
            Dim objType As System.Type = objAssembly.GetType("isadpvl.PasswordValidator")

            If Not objType Is Nothing Then
                prvInnerValidator = Activator.CreateInstance(objType)
                ' Smoke test: if this call throws, the helper is discarded in the Catch block below.
                prvInnerValidator.ValidatePassword("bla")

                Exit For
            End If
        Catch ex As Exception
            prvInnerValidator = Nothing
            Debug.Print("Fehler beim Laden von Validator " & curModule & " : " & ex.ToString)
            MsgBox("Fehler beim Laden von Validator " & curModule & " : " & ex.ToString, MsgBoxStyle.Critical)
        End Try
    Next

    ' No usable helper library was found.
    If prvInnerValidator Is Nothing Then
        Throw New NotSupportedException("Es wurde keine kompatible Hilfsbibliothek für die Validierung von Passwörtern, unter Berücksichtigung der aktuell gültigen Domänensicherheitsrichtlinien gefunden.")
    End If
End Sub

' Directory that contains the executing assembly; the helper DLLs are expected here.
Private ReadOnly Property ModuleSearchPath() As String
    Get
        Return Path.GetDirectoryName(Assembly.GetExecutingAssembly.Location)
    End Get
End Property

' Returns True if the password is accepted; otherwise returns False and
' sets paramReason to a message for the user.
Public Function ValidatePassword(ByVal paramPassword As String, ByRef paramReason As String) As Boolean
    Try
        Dim intResult As enmResult = prvInnerValidator.ValidatePassword(paramPassword)

        Select Case intResult
            Case enmResult.NERR_Success
                Return True

            Case enmResult.NERR_BadPassword
                paramReason = "Unzulässiges Passwort"
                Return False

            Case enmResult.NERR_PasswordNotComplexEnough
                paramReason = "Passwort erfüllt nicht die in der Domänensicherheitsrichtlinie hinterlegten Komplexitätskriterien (Details zu den Sicherheitsvorgaben, für die Vergabe von Passwörtern in Ihrem Unternehmen, erfahren Sie von Ihrem Systemadministrator)"
                Return False

            Case enmResult.NERR_PasswordTooLong
                paramReason = "Passwort ist zu lang"
                Return False

            Case enmResult.NERR_PasswordTooShort
                paramReason = "Passwort ist zu kurz"
                Return False

            Case enmResult.NERR_PasswordFilterError
                paramReason = "Passwort erfüllt nicht die Kriterien der auf dem Domänencontroller installierten Passwortfilter"
                Return False

            Case Else
                ' Any other code: report the enum member name if there is one,
                ' otherwise the numeric value.
                Dim strVarName As String

                Try
                    strVarName = [Enum].GetName(GetType(enmResult), intResult)
                Catch ex As Exception
                    strVarName = Nothing
                End Try

                If strVarName Is Nothing Then
                    paramReason = "Passwort konnte nicht validiert werden (Fehlercode: " & Convert.ToInt64(intResult).ToString & ")"
                Else
                    paramReason = "Passwort konnte nicht validiert werden (Fehlerkennung: " & strVarName & ")"
                End If

                Return False

        End Select
    Catch ex As Exception
        paramReason = "Fehler beim validieren des Passworts:" & vbCrLf & ex.ToString
        Return False
    End Try
End Function
End Class
End Namespace

I hope I was able to help you.

Bastian


--
Bastian Krauß

implements GmbH
Hauptstraße 64
91054 Erlangen

Tel: 09131 / 92 343 - 48
Fax: 09131 / 92 343 - 69
H RB 7901 (Amtsgericht Fürth)
Managing Director: Peter Thorn

http://www.implements.de