Windows Server 2008: Configuring Granular Password Settings

Jakob H. Heidelberg: In the article series "Configuring Granular Password Settings” (part 1 & part 2) we demonstrated how to configure Granular Password Settings for individual users or global security groups in a Windows Server 2008 Active Directory environment, using built-in methods. This article will demonstrate “The Easy Way” of how to handle these additional […]

Jakob H. Heidelberg: In the article series "Configuring Granular Password Settings” (part 1 & part 2) we demonstrated how to configure Granular Password Settings for individual users or global security groups in a Windows Server 2008 Active Directory environment, using built-in methods. This article will demonstrate “The Easy Way” of how to handle these additional password policies in your Windows Server 2008 domain environment.

Different approaches

Like with many other areas of Windows administration you have several different options when it comes to handling the new password policies, their settings and who is affected by them. The built-in possibility, utilizing tools like ADSIEdit, may not be the best option for inexperienced helpdesk personnel, overtired administrators or clumsy consultants like myself – we need better tools, preferably with a neat graphical user interface (GUI) to do the job, nice and safely! Others may claim that we need scriptable solutions to do the job – everybody is talking about PowerShell these days, right? Luckily some cool & free tools have arrived already - before Windows Server 2008 is even released - all of these tools provide us with both PowerShell command-lets (CmdLets) and a nice GUI on the top!

In this article the main focus will be a free utility from Special Operations Software called Specops Password Policy Basic - this tool is a feature limited version of Specops Password Policy. There are of course other possible solutions and some of them will be mentioned in the end of this article.

Specops Password Policy Basic

First thing you need to do is to go and grab the download from the Specops website - you will have to register yourself on the webpage to get hold of the product (a fair deal if you ask me). The tool requires Microsoft .NET Framework 2.0 and Microsoft Management Console (MMC) version 3.0 to be present on the machine on which the product is installed. In my case I have used Microsoft Windows Server 2008 (the RC1 beta version).

During installation you can choose to install the Specops Password Policy Basic MMC snap-in and/or the Windows PowerShell CmdLets – default is to install both components (which will be fine for most scenarios). After installation you will have a new MMC Snap-in available shown in Figure 1.

Full Article

Windows Server 2008, WS2008, Windows Server, Win2K8, Granular, Password, Tips, Tricks, Tips and Tricks, Guide, Walkthrough, Knowledgebase