Fine grained password policies for Windows Server 2008 Active Directory Domain Services
Another new feature in Windows Server 2008 Active Directory Domain Services is that (at long last) it’s now possible to apply multiple password policies within a single domain using a new feature called fine grained password policies. Now PINs can be used for mobile device access and complex passwords for conventional form factor devices without requiring separate domains, third party software or writing a custom password filter DLL.
The fine grained password policies are user and group based (i.e. not per-OU - in order to avoid extra domain load during login) and multiple policies can be applied; however, the new functionality involves a complex administrative process and there is no GUI yet (although the password settings container can be found if Advanced Features are enabled in Active Directory Users and Computers). Fortunately, Joe Richards has written PSOMgr (a command line tool to manage fine grain password policy password settings objects) and Christoffer Andersson has a similar tool with MMC/PowerShell interfaces.
Posted: 21:52 on Tuesday 31 July 2007 under Windows Server 2008, Active Directory.
Comments: 1
RSS (for comments on this post only)Share This
Comments
Pingback from Mark’s (we)Blog » Some free Windows tools
Time: Tuesday 31 July 2007, 21:53
[…] was recently alerted to the presence of Joe Richards’ PSOMgr tool for managing Windows Server 2008 fine grained password policies and it turns out that Joe has a whole heap of useful tools available for free on his […]
Write a comment
Please note the rules for comments and the privacy policy and data protection notice. I'm sorry but, because not everyone sticks to the rules, I've had to implement some spam prevention measures - if you're experiencing difficulties leaving a comment, please let me know.