Fine Grain Password Policy Tool Beta 2 is ready!

Fine Grain Password Policy Tool Beta 2 is ready!

Build: FGPP Beta 2_2256-20080120.1
Branch: FGPP-Beta2-branch.
Usage: In a Windows Server 2008 Test environment.

General Information

Overview of Fine Grain Password Policies in Windows Server 2008:
http://technet2.microsoft.com/windowsserver2008/en/library/056a73ef-5c9e-44d7-acc1-4f0bade6cd751033.mspx

Download

Download Fine Grain Password Policy Tool (x86) Beta 2.
http://blogs.chrisse.se/files/folders/32/download.aspx

Download Fine Grain Password Policy Tool (x64) Beta 2.
http://blogs.chrisse.se/files/folders/33/download.aspx

Quick Start Guide
http://blogs.chrisse.se/blogs/chrisse/pages/fine-grain-password-policy-tool.aspx

System Requirements

Fine Grain Password Policy Tool (FGPP) Beta 2 are “Supported” on the following platforms

·         Windows Server 2008

·         Windows Vista and Windows Vista Service Pack 1

·         Windows Server 2003 Service Pack 1 and Windows Server 2003 R2

·         Windows XP Service Pack 2

 

Prerequisites

Before installing this build, you must have:

Windows Server 2008 and Windows Vista

·         Windows Server 2008 Active Directory Domain.

·         Windows PowerShell installed (for command-line and scripting support)

Windows Server 2003 and Windows XP

·         Microsoft .NET Framework 2.0.

·         Microsoft Management Console 3.0

·         Windows Server 2008 Active Directory Domain,

·         Windows PowerShell installed (for command-line and scripting support)

Microsoft Managemnt Console for Fine Grain Password Polices: (Click for full size)



Usage information 

Note: Use Fine Grain Password Policy at your own risk.

Note: The Fine Grain Password Policy Tool will currently only work from a domain joined computer.

Fine Grain Password Policy Tool Core PowerShell Samples.

FGPP Beta 2 Milestone (Build 2230-2258) supports the following PowerShell Commands.

Create new Password Policies
New-PasswordPolicy <Name> [-domain <FQDNDomainName>] -MaximumPasswordAge <DD.HH:MM> -MinimumPasswordAge <DD.HH:MM> -MinimumPasswordLength <PassswordMinLenght> -PasswordComplexityEnabled <$True/$False> -PasswordReversibleEncryptionEnabled <$True/$False> -PasswordSettingsPrecendence <PrecendenceOrder> -PasswordHistoryLength <NumberOfPasswords> -LockoutDuration <DD.HH:MM> -LockoutObservationWindow <DD.HH:MM> -LockoutThreshold <int> -AppliesTo *SupportedNameFormats

Modify existing Password Policies
Modify-PasswordPolicy <name> [-domain <FQDNDomainName>] [-MaximumPasswordAge <DD.HH:MM>] [-MinimumPasswordAge <DD.HH:MM>] [-MinimumPasswordLength <PassswordMinLenght>] [-PasswordComplexityEnabled <$True/$False>] [-PasswordReversibleEncryptionEnabled <$True/$False>] [-PasswordSettingsPrecendence <PrecendenceOrder>] [-PasswordHistoryLength <NumberOfPasswords>] [-LockoutDuration <DD.HH:MM>] [-LockoutObservationWindow <DD.HH:MM>] [-LockoutThreshold <int>] -AppliesToAdd *SupportedNameFormats -AppliesToRemove *SupportedNameFormats

Delete Password Policies
Delete-PasswordPolicy <name> [-domain <FQDNDomainName>] [-all]

Reame Password Policies
Rename-PasswordPolicy <name> [-domain <FQDNDomainName>] -NewName <name>

Add users and global groups to an existing Password Policy
Add-PasswordPolicy -Name <name> [-domain <FQDNDomainName>] -AppliesTo *SupportedNameFormats

Remove users and global groups to an existing Password Policy
Remove-PasswordPolicy -Name <name> [-domain <FQDNDomainName>] -AppliesTo *SupportedNameFormats [-all]

Get the Effective PasswordPolicy for one or more users objects
Get-PasswordPolicyEffective <name> [-domain <FQDNDomainName>]

------------------------------------------------------------------------------------------------------------------------------------

*SupportedNameFormats: [Domain\UserN, "First LastName", {4fa050f0-f561-11cf-bdd9-00aa003a77b6}, example.microsoft.com/software/user name, usern@example.microsoft.com, S-1-5-21-397955417-626881126-188441444-501]

Fine Grain Password Policy Tool Additional PowerShell Samples.

FGPP Beta 2 Milestone (Build 2230-2258) supports the following PowerShell Commands.

------------------------------------------------------------------------------------------------------------------------------------

How to use the Get-PasswordPolicy and New-PasswordPolicy to copy an existing PasswordPolicy

Note: Any parameter can be used with New-PasswordPolicy override settings from the existing policy.

Get-PasswordPolicy <name> [-domain <FQDNDomainName>] | New-PasswordPolicy <Name> [-domain <FQDNDomainName>] [-MaximumPasswordAge <DD.HH:MM>] [-MinimumPasswordAge <DD.HH:MM>] [-MinimumPasswordLength <PassswordMinLenght>] [-PasswordComplexityEnabled <$True/$False>] [-PasswordReversibleEncryptionEnabled <$True/$False>] [-PasswordSettingsPrecendence <PrecendenceOrder>] [-PasswordHistoryLength <NumberOfPasswords>] [-LockoutDuration <DD.HH:MM>] [-LockoutObservationWindow <DD.HH:MM>] [-LockoutThreshold <int> -AppliesTo * SupportedNameFormats]

------------------------------------------------------------------------------------------------------------------------------------

How to check policy compliance for linked users for a one or more Password Policies

foreach ($Policy in Get-PasswordPolicy [<Name>]) { foreach ($Applied in $Policy.AppliesTo) { Get-PasswordPolicyEffective $Applied } }