Fine Grain Password Policy Tool 1.0 (2300.0) RTM
Build: FGPP RTM_2300-20081223.0
Branch: FGPP-RTM-branch.
Usage: Production Usage.
General Information
This build is the final RTM build of the Fine Grain Password Policy Tool. (FGPP RTM_2300-20081223.0) For full release notes see the document “Release notes for Fine Grain Password Policy Tool” included in the package, as well to be released on the website later today, other documentation available with this release are.
· Quick Start Guide for Fine Grain Password Policy Tool
· Windows PowerShell Usage for Fine Grain Password Policy Tool
· Password Policy Samples for Fine Grain Password Policy Tool
Acknowledgements
Stanimir Stoyanov, thanks for providing the incredible support and your ideas while this piece of software was being written. Especially for the work that was done with the Native Methods. Please have a look at this blog for other projects he has been released http://www.stoyanoff.info
Björn Österman, thanks for your help and support with the initial design of the Password Policy class.
TrueSec Team, thanks for providing support while this piece of software was being written.
Overview of Fine Grain Password Policies in Windows Server 2008:
http://technet2.microsoft.com/windowsserver2008/en/library/056a73ef-5c9e-44d7-acc1-4f0bade6cd751033.mspx
Download
Download Fine Grain Password Policy Tool (x86) 1.0.
http://blogs.chrisse.se/files/folders/fgpp/entry51.aspx
Download Fine Grain Password Policy Tool (x64) 1.0.
http://blogs.chrisse.se/files/folders/fgpp/entry50.aspx
Quick Start Guide.
http://blogs.chrisse.se/blogs/chrisse/pages/fine-grain-password-policy-tool.aspx
System Requirements
Fine Grain Password Policy Tool 1.0 are “Supported” on the following platforms
· Windows Server 2008
· Windows Server 2008 R2 Beta 1 (Build 7000) or later
· Windows Vista, Windows Vista with Service Pack 1 or later
· Windows 7 Beta (Build 7000) or later
· Windows Server 2003 with Service Pack 1 or later and Windows Server 2003 R2
· Windows XP Service Pack 2 or later
Prerequisites
Before installing this build, you must have:
Windows Server 2008, Windows Server 2008 R2 and Windows Vista, Windows 7
· Windows Server 2008 Active Directory Domain.
· Windows PowerShell installed (for command-line and scripting support)
Windows Server 2003 and Windows XP
· Microsoft .NET Framework 2.0.
· Microsoft Management Console 3.0
· Windows Server 2008 Active Directory Domain.
· Windows PowerShell installed (for command-line and scripting support)
Usage information
Fine Grain Password Policy Tool Core PowerShell Samples.
FGPP RC0 Milestone (Build 2270-2292) supports the following PowerShell Commands.
Create new Password Policies
New-PasswordPolicy <Name> [-domain <FQDNDomainName>] >] [–server <DCFQDN>] -MaximumPasswordAge <timespan> -MinimumPasswordAge <timespan> -MinimumPasswordLength <PassswordMinLenght> -PasswordComplexityEnabled <$True/$False> -PasswordReversibleEncryptionEnabled <$True/$False> -PasswordSettingsPrecendence <PrecendenceOrder> -PasswordHistoryLength <NumberOfPasswords> -LockoutDuration <timespan> -LockoutObservationWindow <timespan> -LockoutThreshold <int> -AppliesTo *SupportedNameFormats
Modify existing Password Policies
Modify-PasswordPolicy <name> [-domain <FQDNDomainName>] >] [–server <DCFQDN>] [-MaximumPasswordAge <timespan>] [-MinimumPasswordAge <timespan>] [-MinimumPasswordLength <PassswordMinLenght>] [-PasswordComplexityEnabled <$True/$False>] [-PasswordReversibleEncryptionEnabled <$True/$False>] [-PasswordSettingsPrecendence <PrecendenceOrder>] [-PasswordHistoryLength <NumberOfPasswords>] [-LockoutDuration <timespan>] [-LockoutObservationWindow <timespan>] [-LockoutThreshold <int>] -AppliesToAdd *SupportedNameFormats -AppliesToRemove *SupportedNameFormats
Delete Password Policies
Delete-PasswordPolicy <name> [-domain <FQDNDomainName>] [–server <DCFQDN>] [-all]
Reame Password Policies
Rename-PasswordPolicy <name> [-domain <FQDNDomainName>] -NewName <name>
Add users and global groups to an existing Password Policy
Add-PasswordPolicy -Name <name> [-domain <FQDNDomainName>] [–server <DCFQDN>] -AppliesTo *SupportedNameFormats
Remove users and global groups to an existing Password Policy
Remove-PasswordPolicy -Name <name> [-domain <FQDNDomainName>] [–server <DCFQDN>] -AppliesTo *SupportedNameFormats [-all]
Get the Effective PasswordPolicy for one or more users objects
Get-PasswordPolicyEffective <name> [-domain <FQDNDomainName>] [–server <DCFQDN>]
Export Password Policies
Export-PasswordPolicy <name> <path> [-domain <FQDNDomainName>] [–server <DCFQDN>]
Import Password Policies
Import-PasswordPolicy <name> <path> [-domain <FQDNDomainName>] [–server <DCFQDN>]
--------------------------------------------------------------------------------------------------------------------------------------------------------------
*SupportedNameFormats: [Domain\UserN, "First LastName", {4fa050f0-f561-11cf-bdd9-00aa003a77b6}, example.microsoft.com/software/user name, usern@example.microsoft.com, S-1-5-21-397955417-626881126-188441444-501]
Fine Grain Password Policy Tool Additional PowerShell Samples.
.
--------------------------------------------------------------------------------------------------------------------------------------------------------------
How to use the Get-PasswordPolicy and New-PasswordPolicy to copy an existing PasswordPolicy
Note: Any parameter can be used with New-PasswordPolicy override settings from the existing policy.
Get-PasswordPolicy <name> [-domain <FQDNDomainName>] | New-PasswordPolicy <Name> [-domain <FQDNDomainName>] [-MaximumPasswordAge <timespan>] [-MinimumPasswordAge <timespan>] [-MinimumPasswordLength <PassswordMinLenght>] [-PasswordComplexityEnabled <$True/$False>] [-PasswordReversibleEncryptionEnabled <$True/$False>] [-PasswordSettingsPrecendence <PrecendenceOrder>] [-PasswordHistoryLength <NumberOfPasswords>] [-LockoutDuration <timespan>] [-LockoutObservationWindow <timespan>] [-LockoutThreshold <int> -AppliesTo * SupportedNameFormats]
--------------------------------------------------------------------------------------------------------------------------------------------------------------
How to check policy compliance for linked users for a one or more Password Policies
foreach ($Policy in Get-PasswordPolicy [<Name>]) { foreach ($Applied in $Policy.AppliesTo) { Get-PasswordPo
licyEffective $Applied } }