http://capitalhead.com/articles/step-by-step-guide-to-fine-grained-passwords-in-windows-server-2008.aspx 3/7/2010
Step-by-Step Guide to Fine-Grained Passwords in Windows Server 2008 | Capitalhead.com Page 2 of 10
Another valid application for fine-grained password policies is a situation where legacy applications or other data sources require password synchronization.
These situations may require us to relax certain aspects of password complexity or length.
In the following steps, we will configure a fine-grained password policy in Windows Server 2008 with the following settings:
Note: yourdomainname in the following steps should be replaced with the NETBIOS name of your domain.
1. Log on to a Windows Server 2008 domain controller using an account that has membership in the Domain Admins group, or equivalent permissions.
2. Go to Start, Administrative Tools, and then select Active Directory Users and Computers.
3. Expand yourdomainname.com, right-click on the Users container, select New, and then select Group.
4. On the New Object - Group window, enter SpecialAdmins into the Group Name field, and then click OK
7. In the ADSI Edit snap-in, right-click ADSI Edit, and then click Connect to
8. In the Name field, enter yourdomainname.com, and then click OK
9. Double-click yourdomainname.com in the console tree, double-click DC=yourdomainname,DC=com, double-click CN=System, and then click CN=Password Settings Container
10. Right-click CN=Password Settings Container in the console tree, click New, and then click Object
11. In the Create Object dialog box, under Select a class, click msDS-PasswordSettings, and then click Next.
12. In the Create Object dialog box, enter SpecialAdmins in the Value field, and then click Next.
13. For the msDS-PasswordSettingsPrecedence value, enter 1, and then click Next
14. For the msDS-PasswordReversibleEncryptionEnabled value, enter false, and then click Next
15. For the msDS-PasswordHistoryLength value, enter 24, and then click Next
16. For the msDS-PasswordComplexityEnabled value, enter false, and then click Next
17. For the msDS-MinimumPasswordLength value, enter 12, and then click Next
18. For the msDS-MinimumPasswordAge, enter 1:00:00:00, and then click Next
19. For the msDS-MaximumPasswordAge, enter 30:00:00:00, and then click Next
21. For the msDS-LockoutObservationWindow, enter 0:00:30:00, and then click Next
22. For the msDS-LockoutDuration, enter (never), and then click Next, then click Finish
23. Right-click on CN=SpecialAdmins in the console tree, and then select Properties
24. On the CN=SpecialAdmins Properties window, select the msDS-PSOAppliesTo attribute, and then click the Edit button
25. On the Multi-valued Distinguished Name With Security Principal Editor window, click on the Add Windows Account button
26. On the Select Users, Computers, or Groups window, enter SpecialAdmins in the Enter the object names to select field, and then click OK
27. Click OK on the Multi-valued Distinguished Name With Security Principal Editor window
28. Click OK on the CN=SpecialAdmins Properties window
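To confirm that the Password Settings object built in the steps above holds the intended values and actually reaches the group's members, it can be read back with the ActiveDirectory PowerShell module. This is an added example, not part of the original article; it assumes the module is available (Windows Server 2008 R2 or later management tools) and that both the PSO and the group are named SpecialAdmins as in the steps.

```powershell
# Added example (not from the original article). Assumes the ActiveDirectory
# module is available (Windows Server 2008 R2 or later management tools).
Import-Module ActiveDirectory

$psoName = 'SpecialAdmins'   # PSO created in steps 10-22
$group   = 'SpecialAdmins'   # group created in steps 3-4

# Values entered in steps 13-21. LockoutThreshold (its step is not on the
# page) and the "(never)" LockoutDuration are left out of the comparison.
$expected = @{
    Precedence                  = 1
    ReversibleEncryptionEnabled = $false
    PasswordHistoryCount        = 24
    ComplexityEnabled           = $false
    MinPasswordLength           = 12
    MinPasswordAge              = New-TimeSpan -Days 1
    MaxPasswordAge              = New-TimeSpan -Days 30
    LockoutObservationWindow    = New-TimeSpan -Minutes 30
}

$pso = Get-ADFineGrainedPasswordPolicy -Identity $psoName
foreach ($name in $expected.Keys) {
    if ($pso.$name -ne $expected[$name]) {
        Write-Warning "$name is '$($pso.$name)', expected '$($expected[$name])'"
    }
}

# A PSO only takes effect on users and global security groups.
$g = Get-ADGroup -Identity $group
if ($g.GroupScope -ne 'Global' -or $g.GroupCategory -ne 'Security') {
    Write-Warning "$group is $($g.GroupScope)/$($g.GroupCategory); the PSO will not apply"
}

# Steps 23-28: the group must be listed in msDS-PSOAppliesTo.
$linked = Get-ADFineGrainedPasswordPolicySubject -Identity $psoName |
    Where-Object { $_.SamAccountName -eq $group }
if (-not $linked) { Write-Warning "$psoName is not linked to $group" }

# Report the policy each direct user member actually receives.
Get-ADGroupMember -Identity $group | Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        $rp = Get-ADUserResultantPasswordPolicy -Identity $_.DistinguishedName
        $effective = if ($rp) { $rp.Name } else { '(default domain policy)' }
        New-Object PSObject -Property @{ User = $_.SamAccountName; EffectivePso = $effective }
    }
```

A member whose EffectivePso is not SpecialAdmins is either covered by another PSO with a lower precedence value or by a PSO linked directly to the user object.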
Conclusion
This step-by-step guide demonstrated how to configure fine-grained passwords in Windows Server 2008. We defined a number of password settings and applied them to an Active Directory group. From now on, the custom password policy applies to all user members of the group.