Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

What is the alternative way to apply and implement password policies to different groups and users?

Prior to Windows2008, it was difficult to apply password policies to specific groups or users. Only one single password policy is applied to the entire AD domain.

user-image
Question added by Ahmad Yassein , Infrastructure Network Manager , Ministry of International Cooperation (MIC)
Date Posted: 2013/10/31
Irshad Ahmed Muallim
by Irshad Ahmed Muallim , Sr System Engineer , Confidential

Windows Server2008 and later DCs let you to create multiple policies (Fine grained Password policies). It requires manually creating additional Password Setting Object (PSO) in Active Directory, using tools like ADSIEdit or LDIFE (or any3rd party tool). Before creating PSO you have to keep in mind that,

1> Domain's functional level must be2008 or later.

2> For creating PSO you to login as member of Domain Admin group.

The detailed steps for creating Fine Grained Password Policy can be found at, http://blogs.technet.com/b/seanearp/archive/2007/10/06/windows-server-2008-fine-grained-password-policy-walkthrough.aspx

Wasmia Babar Babar
by Wasmia Babar Babar , Army Ranger , Standard Chartered - Pakistan

Yes i am ready apply in army

Ahmad Yassein
by Ahmad Yassein , Infrastructure Network Manager , Ministry of International Cooperation (MIC)

Correct ;)

More Questions Like This