A quick description of fine-grained password policies is that you can specify multiple password policies within a single domain. You can use fine-grained password policies to apply different restrictions for password and account lockout policies to different sets of users in a domain.

One of the nice features introduced in Windows Server 2010 “Server 8 beta” AD DS is the ability to configure fine-grained password policies through the GUI.

In this post we will walk through the configuration steps to create and assign different password policies to different user groups within the same Active Directory domain. The table below gives an example of different password policy requirements:

| Group Name/Setting | Group1 | Group2 | Group3 |
|---|---|---|---|
| Policy Name | Poli-Group1 | Poli-Group2 | Poli-Group3 |
| Minimum password length | 2 | 6 | 19 |
| Minimum password age | 1 | 2 | 14 |
| Enforce password history | 24 | 15 | none |

To configure password policies as per the table above:

1. Log in using a domain admin account to a machine that has Active Directory administration tools and open Server Manager.
2. Go to Tools and open Active Directory Administrative Center.
3. Click on Tree View.
4. Navigate to the System container, then Password Settings Container.
5. Right-click Password Settings Container, then New > Password Policy.
6. Specify the password policy settings for each of the required policies.
7. Click Add to link the created policy to the users' security group “Group1”.
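
The same three policies can also be created and linked from PowerShell with the ActiveDirectory module, which makes it easy to check afterwards which policy actually applies to each user. This is an added example, not part of the original post; the Precedence values, the reading of minimum password age as days, and the mapping of "none" to a history count of 0 are assumptions.

```powershell
# Added example: scripted equivalent of the GUI steps (not from the original post).
Import-Module ActiveDirectory

# Values from the table. Precedence is an assumption (the table has none);
# ages are assumed to be days; "none" for history is mapped to 0.
$policies = @(
    @{ Name = 'Poli-Group1'; Group = 'Group1'; Precedence = 10; MinLength = 2;  MinAgeDays = 1;  History = 24 },
    @{ Name = 'Poli-Group2'; Group = 'Group2'; Precedence = 20; MinLength = 6;  MinAgeDays = 2;  History = 15 },
    @{ Name = 'Poli-Group3'; Group = 'Group3'; Precedence = 30; MinLength = 19; MinAgeDays = 14; History = 0 }
)

foreach ($p in $policies) {
    # Password settings objects (PSOs) link only to users and global security groups.
    $group = Get-ADGroup -Identity $p.Group -ErrorAction Stop
    if ($group.GroupScope -ne 'Global' -or $group.GroupCategory -ne 'Security') {
        Write-Warning "$($p.Group) is not a global security group; skipping $($p.Name)."
        continue
    }

    # Create the PSO only if it does not exist yet, so the script can be re-run.
    if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$($p.Name)'")) {
        New-ADFineGrainedPasswordPolicy -Name $p.Name -Precedence $p.Precedence `
            -MinPasswordLength $p.MinLength `
            -MinPasswordAge (New-TimeSpan -Days $p.MinAgeDays) `
            -PasswordHistoryCount $p.History
    }

    # Link the PSO to the group (step 7 in the GUI) unless it is already linked.
    $linked = Get-ADFineGrainedPasswordPolicySubject -Identity $p.Name
    if ($linked.DistinguishedName -notcontains $group.DistinguishedName) {
        Add-ADFineGrainedPasswordPolicySubject -Identity $p.Name -Subjects $group
    }
}

# Verify: report which PSO is effective for each user in the groups.
# A user in several groups gets the PSO with the lowest Precedence value,
# so Effective can differ from Expected. An empty Effective means the
# default domain policy applies.
foreach ($p in $policies) {
    Get-ADGroupMember -Identity $p.Group | Where-Object objectClass -eq 'user' | ForEach-Object {
        $rsop = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
        [pscustomobject]@{
            User = $_.SamAccountName; Group = $p.Group
            Expected = $p.Name; Effective = $rsop.Name
        }
    }
}
```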