The
Objective of this document is to show the implementation steps for Windows 2008
R2 Active Directory features like Fine Grained Password Policy.
I have divided the post in 2 parts:-
Part 1 - How to Create Fine Grained Password Policy
Part 2 - How to Apply PSO to User or Group
I have divided the post in 2 parts:-
Part 1 - How to Create Fine Grained Password Policy
Part 2 - How to Apply PSO to User or Group
Step 1: Under Administrator Tools Open ADSI Edit and connect it to a domain and domain controller you want to setup the New Password Policy.
Step 2: Double click on the “CN=DomainName” then double click on “CN=System” and then double click on “CN=Password Settings Container”.
Step 3: Right click on “CN=Password Settings Container” and then click on “New” then “Object…”
Step 4: Click on “Next”
Step 5: Type the name of the PSO in the “Value” field and then click “Next”
Step 6: Type in a number that will be the Precedence for this Password Policy then click “Next”.
Note: This is used if users have multiple Password Settings Object (PSO) applied to them.
Step 7: Type “FALSE” in the value field and click “Next”
Note: You should almost never use “TRUE” for this setting.
Step 8: Type “24” default value else ING standard in the “Value” field and click “Next”
Step 9: Type “TRUE” in the “Value” field if you want to set complex password else “False” and click “Next”
Step 10: Type ING standard password length in the “Value” field and click “Next”
Step 11: Type “5:00:00:00” in the “Value” field and click “Next”
Note: This value determines the minimum period before which user cannot change the Password in DD:HH:MM:SS format.
Step 12: Type “30:00:00:00” in the “Value” field and click “Next”
Note: This value determines the Password Expiry Duration in DD:HH:MM:SS format.
Step 13: Type “3” in the “Value” field and click “Next”
Note: This value determines the maximum attempts before account lockout.
Step 14: Type “0:00:30:00” field and click “Next”
Note: This value determines the observation duration between each wrong password attempts in DD:HH:MM:SS format.
Step 15: Type “0:01:00:00” in the “Value” field and click “Next”
Note: This value should be greater than “Observation Window for Lockout of User Accounts” Value.
Step 16: Click “Finish”
You have now created the Password Settings Object (PSO) and you can close the ADSIEdit tool.
Hi Dear, have you been certainly visiting this site daily, if that's the case you then will certainly get good knowledge. password keeper
ReplyDelete