Fine Grained Password Policy In The Win 2008/R2

Windows 2003 and below supports only single password policy in the domain and it wasn’t possible to configure multiple or different password or account lockout policy for the different set of users or groups within the same domain. The different password policy sometimes force to create different domain if you are hosting AD for the multiple clients due to their requirements. Windows 2008/R2 supports multiple password policy in the domain, which was most requested features in the newest OS. Microsoft heard it & introduced the different password policy in windows 2008 & above called as Fine Grained Password Policy(FGPP).

The requirement for implementing the Fine Grained Password Policy(FGPP) is domain functional level required to be windows at 2008 & above. This means your all the DC in the particular domain where you want to implement FGPP should be running DC’s in windows 2008 & above.

Windows Server 2008 – Fine Grained Password Policy Walkthrough

http://blogs.technet.com/b/seanearp/archive/2007/10/06/windows-server-2008-fine-grained-password-policy-walkthrough.aspx

Here is the step by step link to configure Windows 2008 Fine Grained Policy.

http://capitalhead.com/articles/step-by-step-guide-to-fine-grained-passwords-in-windows-server-2008.aspx

Tool to manage fined grained password policy using GUI.

http://www.specopssoft.com/documentation/specops-password-policy-basic-documentation

AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide

http://technet.microsoft.com/en-us/library/cc770842.aspx

AD DS: Fine-Grained Password Policies

http://technet.microsoft.com/en-us/library/cc770394%28v=ws.10%29.aspx