Fine Grain Password Policy Tool Beta 1 is ready!
Fine Grain Password Policy Tool Beta 1 is ready!
Authors:
Christoffer Andersson.
Microsoft MVP – Directory Services
Executive Consultant - TrueSec
Thanks to the following people for helping me develop the Fine Grain Password Policy Tool
Build: FGPP Beta 1_2228-20070706.0
Branch: FGPP-Beta1-branch
Usage: In a Windows Server 2008 Test Environment.
Overview of Fine Grain Password Policies in Windows Server 2008:
http://technet2.microsoft.com/windowsserver2008/en/library/056a73ef-5c9e-44d7-acc1-4f0bade6cd751033.mspx
Download Fine Grain Password Policy Tool (x86) Beta 1.
http://blogs.chrisse.se/files/folders/fgpp/entry12.aspx Download Fine Grain Password Policy Tool (x64) Beta 1.
http://blogs.chrisse.se/files/folders/fgpp/entry13.aspx
Quick Start Guide: http://blogs.chrisse.se/blogs/chrisse/pages/fine-grain-password-policy-tool.aspx
System Requirements
Fine Grain Password Policy Tool (FGPP) Beta 1 are “Supported” on the following platforms
- Windows Server 2008 / Longhorn Server Beta 3
- Windows Vista
- Windows Server 2003 Service Pack 1 and Windows Server 2003 R2
- Windows XP Service Pack 2
Prerequisites
Before installing this build, you must have:
Windows Server 2008 and Windows Vista
- Windows Server 2008 Active Directory Forest or (Schema Version 40 or later) Windows Server 2008 Beta 3.
- Windows PowerShell installed (for command-line and scripting support only)
Windows Server 2003 and Windows XP
- Microsoft .NET Framework 2.0.
- Microsoft Management Console 3.0
- Windows Server 2008 Active Directory Forest or (Schema Version 40 or later) Windows Server 2008 Beta 3.
- Windows PowerShell installed (for command-line and scripting support only)
Microsoft Managemnt Console for Fine Grain Password Polices: (Click for full size)
Manage Fine Grain Password Policies using Windows PowerShell: (Click for full size)
Use Fine Grain Password Policy Tool at your own risk.
Note: The Fine Grain Password Policy Tool will currently only work from a domain joined computer.
Note: This is the beta 1 milestone of the Fine Grain Password Policy tool. I have a lot of features coming into this tool.
Additional PowerShell Samples.
Note: FGPP Beta 1 Milestone (Build 2228) supports the following Windows PowerShell Commands.
Create new Password Policies
New-PasswordPolicy <Name> -MaximumPasswordAge <days> -MinimumPasswordAge <days> -MinimumPasswordLength <PassswordMinLenght> -PasswordComplexityEnabled <True/False> -PasswordReversibleEncryptionEnabled <True/False> -PasswordSettingsPrecendence <PrecendenceOrder> -PasswordHistoryLength <NumberOfPasswords> -LockoutDuration <minutes> -LockoutObservationWindow <minutes> -LockoutThreshold <int> -AppliesTo *SupportedNameFormats
Modify existing Password Policies
Modify-PasswordPolicy -Name <name> [-MaximumPasswordAge <days>] [-MinimumPasswordAge <days>] [-MinimumPasswordLength <PassswordMinLenght>] [-PasswordComplexityEnabled <True/False>] [-PasswordReversibleEncryptionEnabled <True/False>] [-PasswordSettingsPrecendence <PrecendenceOrder>] [-PasswordHistoryLength <NumberOfPasswords>] [-LockoutDuration <minutes>] [-LockoutObservationWindow <minutes>] [-LockoutThreshold <int>] -AppliesToAdd *SupportedNameFormats -AppliesToRemove *SupportedNameFormats
Delete Password Policies
Delete-PasswordPolicy -Name <name> [-all]
Reame Password Policies
Rename-PasswordPolicy -Name <name> -NewName
Add users and global groups to an existing Password Policy
Add-PasswordPolicy -Name <name> -AppliesTo *SupportedNameFormats
Remove users and global groups to an existing Password Policy
Remove-PasswordPolicy -Name <name> -AppliesTo *SupportedNameFormats [-all]
-------------------------------------------------------------------------------------------------------------------------
*SupportedNameFormats: [Example\UserN, "First LastName", {4fa050f0-f561-11cf-bdd9-00aa003a77b6}, example.microsoft.com/software/user name, usern@example.microsoft.com, S-1-5-21-397955417-626881126-188441444-501]