Set Except Auditing Password Strings

Use this group policy to specify strings that the auditing agent should ignore when capturing standard input data. For security, typed passwords are always ignored by default.

If this group policy is enabled, specify strings to ignore using regular expressions that do not include quotes. Leading and trailing spaces are ignored, spaces in the middle are not affected. For example:

dash.auditstdin.except: (prompt1\|prompt2)

will match strings like these:

This is prompt1:

Prompt2 asks for password:

If this group policy is disabled or not configured, this mandatory string pattern is applied:

(password[[:alnum:][:blank:][:punct:]]\*:[[:space:]]\*\$)\|(verify[[:alnum:][:blank:][:punct:]]\*:[[:space:]]\*\$)

The default value is empty to ignore only the passwords that users enter.

To use this group policy:

1. Double click the policy in the right pane of the Group Policy Management Editor.
2. On the Policy tab, select Enabled.
3. Type a regular expression that defines the string to ignore.
4. Click OK to save settings in this policy.

This group policy modifies the dash.auditstdin.except setting in the configuration file /etc/centrifyda/centrifyda.conf. For more information about specifying exceptions, see the comments in the centrifyda.conf file.