Password Control – Advanced Configuration

Most settings are stored on a per user basis and are persisted in an xml file in the application data of a user profile.  These settings can be modified within the password control application and there should be no need to manually edit the xml file.  There is also an xml file stored within the Password Control application directory that gives access to some additional, application level settings.  You can also edit this file to change the default user settings that are used.

Use nodepad or other xml/text editor to open the “PasswordControl.exe.config” file. I’d recommend making a backup copy of the “PasswordControl.exe.config” file before you start to make any changes.

Application settings are stored under an “” node under a root “” node.

Application settings are stored under the configuration\applicationSettings node.  The following Application Settings are available:

SettingSyntaxDefault ValueExplination
DisplayEnableAccountTrue/FalseTrueControls the visibility of the “Enable Account” button.
DisplayDisableAccountTrue/FalseTrueControls the visibility of the “Disable Account” button
DisplayForcePasswordChangeAtLogonTrue/FalseTrueControls the visibility of the “Force Password Change At Logon”
DisplayAccountIsLockedOutTrue/FalseTrueControls the visibility of the “Account is Locked” checkbox. 
AutomaticAccountUnlockTrue/FalseTrueAccounts are automatically unlocked when the password is changed with this setting.
DisplayHelpTrue/FalseTrueControls the visibility of the “Help” menu.
DisplayConnectAsTrue/FalseTrueControls the visibility of the “Connect As” menu item under the “File” menu.
DisplayDomainTrue/FalseTrueControls the visibility of the “Domain” menu item under the “File” menu.
DisplaySearchTrue/FalseTrueControls the visibility of the “Search” menu item under the “File” menu. NB. Users can still access the Search dialog using the F3 shortcut.
DisplaySettingsTrue/FalseTrueControls the visibility of the “Settings” menu item under the “File” menu.
DisableSearchTrue/FalseFalseDisables the Search feature.  Prevents access via the menu and the F3 shortcut.
DisplayGeneratePasswordTrue/FalseTrueControls the visibility of the “G” button for generating passwords.
DisplayToolsTrue/FalseTrueControls the visiblity of the “Tools” menu.  Although visible by default, the menu will only appear if VBS scripts are present in the “Scripts” folder.
PasswordCharSingle Character*Controls the password character used when typing passwords in the password box.  You can change the password character used or remove the password character to display passwords in clear text as typed.
DisplayDomainPolicyTrue/FalseTrueControls the visibility of the “Domain Policy” option in the help menu. 
ConfirmSuccessfulPasswordChangeTrue/FalseTrueDisplay a message box to indicate a sucessful password change.
AuditFailedEventsTrue/FalseFalseWrite failed password & account operations to the event log.
AuditSuccessfulEventsTrue/FalseFalseWrite password changes & account operations to the eventlog when they succeed.
DisplayBulkPasswordControlTrue/FalseTrueControls the visibility og the “Bulk Password Control” menu option.  (Keyboard shortcut still works)
DisableBulkPasswordControlTrue/FalseTrueDisables the “Bulk Password Control” dialog.
FindLDAPFilterString(|(DisplayName=?*)(cn=?*)(sAMAccountName=?*)(userPrincipalName=?*)(sn=?*)(mail=?*))The LDAP filter used to find user accounts when the “Check Name” button is pressed.
If this option is changed the UserNameToolTipText setting should also be changed.  The “?” placeholder will be replaced by the text entered in the username textbox.
UserNameToolTipTextStringEnter the username in one of the following formats:
* User logon name (Pre Windows 2000) e.g. FirstName.LastName
* User Principal Name e.g.
If the username is valid, it should appear in underlined font when you press the TAB key to enter a password. Alternatively, click the “Check Name” button to search the following additional fields:
*DisplayName (displayName) *ObjectName (common-name,cn) *Surname (sn) *Email (mail)
The tooltip to display relating to the username textbox.
FindUserLimitInteger1000The maximum number of user accounts to show when the “Check Name” feature is used and multiple results are returned.
PasswordControlScriptsPathString%apppath%\ScriptsThe directory to search for VBS Scripts to add to the tools menu in Password Control.
BulkPasswordControlScriptsPathString%apppath%\BulkScriptsThe directory to search for VBS Scripts to add to the tools menu in Bulk Password Control.
ConfirmBulkPasswordScriptsBooleanTrueDisplay a confirmation when selecting a VBS file to run in the tools menu of the Bulk Password Control dialog.
DefaultPageSizeInteger500The default page size used for Active Directory searches.  Can be modified to improve performance if required.
UserFilterString(&amp(ObjectClass=User)(ObjectCategory=person)(!(showInAdvancedViewOnly=TRUE))(!(isCriticalSystemObject=TRUE)))The default filter applied when searching for user accounts.  Objects that are shown in advanced view and critical system objects are not included in searches by default.
DisplayAccountMenuBooleanTrueControls the visibility of the “Account Menu”.
DisplayUserMustChangePasswordAtNextLogonBooleanTrueControls the visibility of the “User must change password at next logon” option in the account menu.
DisplayUserCannotChangePasswordBooleanTrueControls the visibility of the “Password never expires” option in the account menu
DisplayPasswordNeverExpiresBooleanTrueControls the visibility of the “Password never expires” option in the account menu.
DisplayStorePasswordUsingReversibleEncryptionBooleanTrueControls the visibility of the “Store password using reversible encryption” option in the account menu.
DisplayAccountIsDisabledBooleanTrueControls the visibility of the “Account is disabled” option in the account menu.
DisplaySmartCardIsRequiredForInteractiveLogonBooleanTrueControls the visibility of the “Smart card is required for interactive logon” option in the account menu.
DisplayAccountIsTrustedForDelegationBooleanTrueControls the visibility of the “Account is trusted for delegation” option in the account menu.
DisplayAccountIsSensitiveAndCannotBeDelegatedBooleanTrueControls the visibility of the “Account is sensitive and cannot be delegated” option in the account menu.
DisplayUseDESEncryptionTypesForThisAccountBooleanTrueControls the visibility of the “Use DES encryption types for this account” option in the account menu.
DisplayDoNotRequireKerberosPreAuthenticationBooleanTrueControls the visibility of the “Do not require kerberos pre authentication” option in the account menu.