Here is a little something that IT planners/designers, and especially administrators, will be interested in. It’s something that, in all my years managing, designing and deploying AD environments, I've been asked about over and over. Sometimes for the wrong reason….
To follow along:
What do fine-grained password policies do?
You can use fine-grained password policies to specify multiple password policies in a single domain and apply different restrictions for password and account lockout policies to different sets of users in a domain.
For example, you can apply stricter settings to privileged accounts and less strict settings to the accounts of other users. In other cases, you might want to apply a special password policy for accounts whose passwords are synchronized with other data sources.
Fine-grained password policies apply only to global security groups and user objects (or inetOrgPerson objects if they are used instead of user objects). A fine-grained password policy cannot be applied to an organizational unit (OU) directly.
Other considerations are:
1- To enable Fine-Grained Password Policies (FGPP), open the Active Directory Administrative Center (ADAC), switch to the Tree View and navigate to System, then Password Settings Container.
2- Right-click the Password Settings Container object and select “New”, then “Password Settings”.
3- In the “Create Password Policy” UI, fill in all the fields that are appropriate.
I suggest a descriptive name and a description that explains why you created the new policy, how it differs from the default password policy, and which group it will apply to, just so you know why you did it when you review it down the road. (It could even say “because my boss made me do it…”)
4- Click the Add button in the “Directly Applies To” section and select the global group you want to target.
In our case, that is the “High security Users” group. Click OK to confirm the selection.
Then click OK to close the “Create Password Policy” dialogue.
That’s it. One Fine-Grained Password Policy (FGPP) done!
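The same steps can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original post: it checks the group type first (a PSO only accepts global security groups or user objects), creates and links the policy, then reports which policy actually wins for each member. The policy name `PSO-HighSecurityUsers` and every setting value are assumptions chosen for illustration.

```powershell
# Added example; the policy name and all setting values are assumed, not from the post.
Import-Module ActiveDirectory

$groupName  = 'High security Users'      # group used in the post
$policyName = 'PSO-HighSecurityUsers'    # hypothetical PSO name

# A PSO can only target global security groups or user objects, so check first.
$found = @(Get-ADGroup -Filter "Name -eq '$groupName'")
if ($found.Count -ne 1) { throw "Expected exactly one group named '$groupName', found $($found.Count)." }
$group = $found[0]
if ($group.GroupScope -ne 'Global' -or $group.GroupCategory -ne 'Security') {
    throw "'$groupName' is $($group.GroupScope)/$($group.GroupCategory); a PSO needs a global security group."
}

# Steps 2-3: create the Password Settings object (illustrative values).
$pso = @{
    Name                            = $policyName
    Description                     = 'Stricter policy for privileged accounts; applies to High security Users'
    Precedence                      = 10             # lower number wins when several PSOs apply
    MinPasswordLength               = 15
    PasswordHistoryCount            = 24
    ComplexityEnabled               = $true
    ReversibleEncryptionEnabled     = $false
    MinPasswordAge                  = '1.00:00:00'   # d.hh:mm:ss
    MaxPasswordAge                  = '60.00:00:00'
    LockoutThreshold                = 5
    LockoutObservationWindow        = '0.00:30:00'
    LockoutDuration                 = '0.00:30:00'
    ProtectedFromAccidentalDeletion = $true
}
New-ADFineGrainedPasswordPolicy @pso

# Step 4: the "Directly Applies To" link.
Add-ADFineGrainedPasswordPolicySubject -Identity $policyName -Subjects $group

# Verify: report the PSO that actually wins for each direct user member.
Get-ADGroupMember -Identity $group | Where-Object objectClass -eq 'user' | ForEach-Object {
    $effective = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
    [pscustomobject]@{
        User         = $_.SamAccountName
        EffectivePSO = if ($effective) { $effective.Name } else { '(default domain policy)' }
        AsExpected   = ($effective.Name -eq $policyName)
    }
}
```

A row with `AsExpected` set to `False` means another PSO with a lower precedence value applies to that user, either directly or through a different group.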
Pierre Roman, MCITP, ITIL | Technology Evangelist Twitter | Facebook | LinkedIn