Fine Grained Password Policies Facts

by Nirmal Sharma [Published on 6 May 2009 / Last Updated on 31 Dec. 2008]

This article lists some facts about the FGPP.

FGPP is a new feature introduced in Windows Server 2008. This feature offers the multiple password policies to users in the organization. Here are some points which describe the FGPP features and facts:

  • There are two new Object Classes in Schema for PSO: 
  •  PSC: Password Settings Container
  •  PSO: Password Settings Object
  • Multiple Password and Account Lockout Policies
  • Specific to a user or security group.
  • No need for another domain
  • Cannot apply directly to Organization Unit directly
  • Apply to User and Security Groups only, doesn't apply to computer accounts.
  • Do not interact with customer password filters
  • Multiple PSOs can be applied to a user or group, only one PSO is applied at a time
  • PSO Settings are not merged
  • PSO must be configured using either LDIFDE or ADSIEdit.msc snap-in.
  • The following attributes must be set for a PSO to work:
      (msDS-PasswordSettings)                             
      Attributes:  (Must have a value)                                                                 
      msDS-PasswordSettingsPrecendence                               
      msDSPasswordReversibleEncryptionEnabled         
      msDSPasswordHistoryLength                         
      msDS-PasswordComplexityEnabled               
      msDS-MinimumPasswordLength                            
      msDS-MinimumPasswordAge                               
      msDS-MaximumPasswordAge                          
      msDS-LockoutThreshold                                           
      msDS-LockoutObservationWindow                                 
      msDS-LockoutDuration                                       
      msDS-PSOAppliesTo (Not Mandatory)      

 

See Also

Featured Links