Enzoic for Active Directory

Setup Instructions

Download the Installer

The installer is available as both an MSI and an EXE. The EXE version will install the necessary version of the .NET Framework if it is not already available on your server, while the MSI will not. If in doubt, you should use the EXE installer.

Links to download the most current version (Domain Controllers must all run the same version):

https://cdn.enzoic.com/files/EnzoicForAD.exe (MD5: 3dc18fb7c22d2640fc16305024e6f2fa)
https://cdn.enzoic.com/files/EnzoicForAD.msi (MD5: 5d44b13896d1e6b2acc89225fe7fc011)
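To confirm that a downloaded installer matches the MD5 value published above before running it on a domain controller, the following PowerShell check can be used. It is an added example, not part of Enzoic's documentation. The download folder is an assumption, and the Authenticode signature is only reported as an extra signal, since this page publishes MD5 values only.

```powershell
# Added example: compare downloaded installers against the MD5 values listed on this page.
$published = @{
    'EnzoicForAD.exe' = '3dc18fb7c22d2640fc16305024e6f2fa'
    'EnzoicForAD.msi' = '5d44b13896d1e6b2acc89225fe7fc011'
}
$downloadDir = Join-Path $env:USERPROFILE 'Downloads'   # assumed download location

function Test-InstallerIntegrity {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedMd5
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Installer not found: $Path"
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        File            = Split-Path -Path $Path -Leaf
        Md5Matches      = ($actual -eq $ExpectedMd5)   # string -eq is case-insensitive
        ActualMd5       = $actual.ToLowerInvariant()
        SignatureStatus = $sig.Status                  # reported only, not compared
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

$results = foreach ($name in $published.Keys) {
    $path = Join-Path $downloadDir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        Test-InstallerIntegrity -Path $path -ExpectedMd5 $published[$name]
    } else {
        Write-Warning "Skipping $name (not present in $downloadDir)"
    }
}

$results | Format-Table -AutoSize

# Stop before installation if any downloaded file does not match its published hash.
$bad = @($results | Where-Object { -not $_.Md5Matches })
if ($bad.Count -gt 0) {
    throw "MD5 mismatch for: $($bad.File -join ', '). Do not install; download again."
}
```

The hashes in `$published` correspond to the installer version current when this page was written; a newer download needs the values published alongside it.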

Read the current release notes.

Multiple Domain Controllers

Enzoic for Active Directory needs to be installed on every domain controller in the target domain. Note that Enzoic for Active Directory stores its configuration settings in Active Directory, so once it is configured on one domain controller, the configuration settings will replicate to all the domain controllers in the domain.

Setup Wizard Installation

Run the installer, and then reboot the domain controller when prompted. Future upgrades will not generally require a reboot, but the initial install does.

Enzoic for Active Directory needs to run on each domain controller; however, it only needs to be configured once. All configuration settings (with the exception of the optional proxy server settings) are stored in Active Directory and automatically shared with all instances of that domain.

After the initial reboot, the Setup Wizard will walk you through the configuration process with the following steps. All settings can be modified through the console after initial setup:

1. Network Settings:
Adjust the API timeout duration. If the timeout is reached, the password change is allowed to go through without being checked. The compromise status will be detected subsequently if Continuous Password Protection is enabled.

OPTIONAL: Specify an HTTP proxy server if you wish to route traffic to Enzoic’s servers through a proxy. This setting will need to be configured separately on each Domain Controller.

2. License:
Enter your Enzoic License Key provided for your account.

You can register to obtain a free key.

3. Monitored Entities:
Specify which Active Directory accounts to protect. You can select all Active Directory users, individual users, groups, or containers/OUs.

4. One Click NIST Compliance:
Choose whether to accept the default settings recommended for NIST 800-63B:

  • Custom dictionary for context-sensitive words for your business
  • Common passwords found in cracking dictionaries
  • Fuzzy matching for common patterns and substitutions
  • Continuous monitoring to detect when an existing password becomes vulnerable

5. Password Policies (not shown when One Click NIST Compliance is selected):
Define how Enzoic will handle compromised password screening (inclusion of cracking dictionaries, fuzzy matching, etc.) and additional password policies (such as passwords that include the user’s information).

6. Continuous Password Protection Settings:
Choose to monitor passwords daily to detect subsequent compromise and configure the desired remediation actions. You have the option to customize email templates for alerts sent via Amazon Simple Email Service. You can also select the Delegate Server, which is the Domain Controller that handles the continuous monitoring process.

7. Administrative Notifications:
Include one or more email addresses to be notified of events, including: a) detection of a new password compromise, b) a summary of all users’ compromise status, and c) alerts for any service operation errors.

8. Test Settings:
Validate a username (either NT4 style or UPN) and a test password to ensure the user account is included (or excluded) as desired, and that the application can reach the Enzoic servers.

Sample compromised password: uGetL0ckedOut!