Fine Grained Password Policies Facts

by [Published on 6 May 2009 / Last Updated on 31 Dec. 2008]

This article lists some facts about the FGPP.

FGPP is a new feature introduced in Windows Server 2008. This feature offers the multiple password policies to users in the organization. Here are some points which describe the FGPP features and facts:

  • There are two new Object Classes in Schema for PSO: 
  •  PSC: Password Settings Container
  •  PSO: Password Settings Object
  • Multiple Password and Account Lockout Policies
  • Specific to a user or security group.
  • No need for another domain
  • Cannot apply directly to Organization Unit directly
  • Apply to User and Security Groups only, doesn't apply to computer accounts.
  • Do not interact with customer password filters
  • Multiple PSOs can be applied to a user or group, only one PSO is applied at a time
  • PSO Settings are not merged
  • PSO must be configured using either LDIFDE or ADSIEdit.msc snap-in.
  • The following attributes must be set for a PSO to work:
      Attributes:  (Must have a value)                                                                 
      msDS-PSOAppliesTo (Not Mandatory)      


See Also

The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal Sharma is a MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to PowerShell-based Dynamic Packs for www.ITDynamicPacks.Net solutions.

Featured Links