Awinish's Technical Blog

Lets continue the journey of learning & Share.!!

Fine Grained Password Policy In The Win 2008/R2

Posted by Awinish on November 9, 2010

Windows 2003 and below supports only single password policy in the domain and it wasn’t possible to configure multiple or different password or account lockout policy for the different set of users or groups within the same domain. The different password policy sometimes force to create different domain if you are hosting AD for the multiple clients due to their requirements. Windows 2008/R2 supports multiple password policy in the domain, which was most requested features in the newest OS. Microsoft heard it & introduced the different password policy in windows 2008 & above called as Fine Grained Password Policy(FGPP).

The requirement for implementing the Fine Grained Password Policy(FGPP) is domain functional level required to be windows at 2008 & above. This means your all the DC in the particular domain where you want to implement FGPP should be running DC’s in windows 2008 & above.

Windows Server 2008 – Fine Grained Password Policy Walkthrough

Here is the step by step link to configure Windows 2008 Fine Grained Policy.

Tool to manage fined grained password policy using GUI.

AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide

AD DS: Fine-Grained Password Policies



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s