Fine Grain Password Policy Tool Beta 1 is ready!

Published 14 juli 07 08:04 | Christoffer Andersson 

Fine Grain Password Policy Tool Beta 1 is ready!

Authors:
Christoffer Andersson.
Microsoft MVP – Directory Services
Executive Consultant - TrueSec

Thanks to the following people for helping me develop the Fine Grain Password Policy Tool

Build: FGPP Beta 1_2228-20070706.0
Branch: FGPP-Beta1-branch

Usage: In a Windows Server 2008 Test Environment.

Overview of Fine Grain Password Policies in Windows Server 2008:
http://technet2.microsoft.com/windowsserver2008/en/library/056a73ef-5c9e-44d7-acc1-4f0bade6cd751033.mspx

Download Fine Grain Password Policy Tool (x86) Beta 1.

http://blogs.chrisse.se/files/folders/fgpp/entry12.aspx
Download Fine Grain Password Policy Tool (x64) Beta 1.
http://blogs.chrisse.se/files/folders/fgpp/entry13.aspx

Quick Start Guide: http://blogs.chrisse.se/blogs/chrisse/pages/fine-grain-password-policy-tool.aspx

System Requirements
Fine Grain Password Policy Tool (FGPP) Beta 1 are “Supported” on the following platforms

  • Windows Server 2008 / Longhorn Server Beta 3
  • Windows Vista
  • Windows Server 2003 Service Pack 1 and Windows Server 2003 R2
  • Windows XP Service Pack 2

    Prerequisites
    Before installing this build, you must have:
    Windows Server 2008 and Windows Vista
    • Windows Server 2008 Active Directory Forest or (Schema Version 40 or later) Windows Server 2008 Beta 3.
    • Windows PowerShell installed (for command-line and scripting support only)

Windows Server 2003 and Windows XP

    • Microsoft .NET Framework 2.0.
    • Microsoft Management Console 3.0
    • Windows Server 2008 Active Directory Forest or (Schema Version 40 or later) Windows Server 2008 Beta 3.
    • Windows PowerShell installed (for command-line and scripting support only)

Microsoft Managemnt Console for Fine Grain Password Polices: (Click for full size)

Manage Fine Grain Password Policies using Windows PowerShell: (Click for full size)



Use Fine Grain Password Policy Tool at your own risk.

Note: The Fine Grain Password Policy Tool will currently only work from a domain joined computer.
Note: This is the beta 1 milestone of the Fine Grain Password Policy tool. I have a lot of features coming into this tool.

Additional PowerShell Samples.
Note: FGPP Beta 1 Milestone (Build 2228) supports the following Windows PowerShell Commands.

Create new Password Policies
New-PasswordPolicy <Name>  -MaximumPasswordAge <days> -MinimumPasswordAge <days> -MinimumPasswordLength <PassswordMinLenght> -PasswordComplexityEnabled <True/False> -PasswordReversibleEncryptionEnabled <True/False> -PasswordSettingsPrecendence <PrecendenceOrder> -PasswordHistoryLength <NumberOfPasswords> -LockoutDuration <minutes> -LockoutObservationWindow <minutes> -LockoutThreshold <int> -AppliesTo *SupportedNameFormats 

Modify existing Password Policies
Modify-PasswordPolicy -Name <name> [-MaximumPasswordAge <days>] [-MinimumPasswordAge <days>] [-MinimumPasswordLength <PassswordMinLenght>] [-PasswordComplexityEnabled <True/False>] [-PasswordReversibleEncryptionEnabled <True/False>] [-PasswordSettingsPrecendence <PrecendenceOrder>] [-PasswordHistoryLength <NumberOfPasswords>] [-LockoutDuration <minutes>] [-LockoutObservationWindow <minutes>] [-LockoutThreshold <int>] -AppliesToAdd *SupportedNameFormats -AppliesToRemove *SupportedNameFormats

Delete Password Policies
Delete-PasswordPolicy -Name <name> [-all] 

Reame Password Policies
Rename-PasswordPolicy -Name <name> -NewName

Add users and global groups to an existing Password Policy
Add-PasswordPolicy -Name <name> -AppliesTo *SupportedNameFormats 

Remove users and global groups to an existing Password Policy
Remove-PasswordPolicy -Name <name> -AppliesTo *SupportedNameFormats [-all]
-------------------------------------------------------------------------------------------------------------------------

*SupportedNameFormats: [Example\UserN, "First LastName", {4fa050f0-f561-11cf-bdd9-00aa003a77b6}, example.microsoft.com/software/user name, usern@example.microsoft.com, S-1-5-21-397955417-626881126-188441444-501]

Comments

# Fine Grain Password Policy Tool at Stanimir Stoyanov’s Blog said on juli 23, 2007 19:04:

PingBack from http://www.stoyanoff.info/blog/2007/07/23/fine-grain-password-policy-tool/

# Realtime Community | Windows Server said on augusti 2, 2007 15:34:

With Server 2008, you can now apply password policies at layers lower than "the domain". These "fine-grained password policies" allow you to apply different restrictions for password and account lockout policies for different users in a domain. Christoffer

# Jorge 's Quest For Knowledge! said on augusti 10, 2007 08:20:

In previous OSes if you wanted to create multiple password or account lockout policies you basically

# Dave Northey's Blog said on augusti 16, 2007 22:01:

My thanks to everyone who attended yesterday's Longhorn Academy - both James and I really enjoyed delivering

# Maria Green said on augusti 17, 2007 00:02:

In Windows Server 2008 we get something called Password Settings Objects or PSOs that makes it possible

# us department of education loan repayment center said on september 10, 2007 03:25:

us department of education loan repayment center

# [MSFT-BE] Arlindo's Blog - IT Pro Evangelist said on september 15, 2007 20:51:

Remember a previous blog post where I talked about the fact that with Windows Server 2008 you will now

# myspace html codes music poe said on september 19, 2007 19:50:

myspace html codes music poe

# The Sean Blog said on oktober 6, 2007 17:28:

Back in March, I wrote about one of the important new features in Windows Server 2008, the Fine-grained

# Off Campus said on oktober 11, 2007 07:48:

I promised a few links and have posted them below. I also wanted to make a correction, in the Question

Anonymous comments are disabled