Quick Start Guide for Fine Grain Password Policy Tool

Published 07 juli 07 10:55 | Christoffer Andersson 

Quick Start Guide for Fine Grain Password Policy Tool 1.0

Authors:

Christoffer Andersson.
Microsoft MVP – Directory Services

Thanks to the following people for helping me develop the Fine Grain Password Policy Tool

·        Thanks to the entire TrueSec Team for all support during the development.

 

System Requirements

Fine Grain Password Policy Tool are “Supported” on the following platforms

·         Windows Server 2008

·         Windows Server 2008 R2 Beta and later

·         Windows Vista

·         Windows 7 Beta and later

·         Windows Server 2003 Service Pack 1

·         Windows XP Service Pack 2

 

Prerequisites

Before installing this build, you must have:

Windows Server 2008 and Windows Vista or later

·         Windows Server 2008 Active Directory Domain

·         Windows PowerShell installed (for command-line and scripting support)

Windows Server 2003 and Windows XP

·         Microsoft .NET Framework 2.0.

·         Microsoft Management Console 3.0

·         Windows Server 2008 Active Directory Domain.

·         Windows PowerShell installed (for command-line and scripting support)

 

Note: The Fine Grain Password Policy Tool is only supported from a domain joined computer.


Setup

To complete the setup, you need the following:

  • The Fine Grain Password Policy installation media.
    • Click the setup.exe and follow the instructions
    • Click Finish to complete the installation.

1.1          Fine Grain Password Policy Tool - Usage

Once you have installed the Fine Grain Password Policy Tool you can start using either the MMC Snapin or PowerShell Cmd’let. (If you have PowerShell installed)

Note: Windows PowerShell can be installed or added at any time.

Note: By default only Domain Admins and Enterprise Admins have rights to create/modify Password Policy Objects. Ensure you are logged in as one of the above or have delegated necessary permission.

1.1.1        Using the Fine Grain Password Policy MMC Snap-in.

1.     Start the Microsoft Management Console 3.0

2.     Click File and  Add/Remove Snap-in or Press Ctrl + M

3.     Select the Fine Grain Password Policy Tool snap-in and click Add.

4.     Click OK to add the Fine Grained Password Policy Tool snap-in to the console.

1.1.2        Create a New Password Policy using the MMC Snap-in.

1.     Expand the Fine Grain Password Policy Tool node.

2.     Click the New Policy Task in the Actions Pane.

3.     Follow the instructions in the “New Password Policy” Wizard. Give the Password Policy a name and specify the other options after your needs.

4.     Click Finish to add the newly created policy. The policy should now appear in the list view.

1.1.4        Modify an Existing Password Policy using the MMC Snap-in.

1.   Expand the Fine Grain Password Policy Tool node.

2.  Right click the policy you crated in (1.1.2). Click Properties, Click the Applies To tab and click the Add button. The Active Directory Object Picker will now appear.

Note: The Object Picker is default set to search for both Users and Groups.

3.  Search for one or more global security group(s) or user(s) that you want to link to the Password Policy. Click the Apply button to save the changes.

4.  Click OK to close the properties window.


 

1.1.5        Find the Effective Password Policy for one or more users using the MMC Snap-in.

1.     Expand the Fine Grained Password Polices node.

2.     Click the Resultant Policy Wizard Task in the Actions Pane.

3.     Click the Add button. The Active Directory Object Picker will now appear.

Note: The Object Picker is default set to search for both Users and Groups.

4.  Search for one or more user(s) that you want to view the Effective Password Policy for. Click the Ok button.

5.  You will now se the Effective Password Policies for the select user(s).


1.1.6        Configure the PaswordPolicy PowerShell Cmd’Let.

1. Start Windows PowerShell.
2.  Type the following command: Add-PSSnapin PasswordPolicy and press enter.

Note: The PasswordPolicy Cmd'let should now been sucessfully loaded, and the PasswordPolicy commands should be ready for use.

1.1.7        List Password Polices using the PowerShell Cmd’Let.


1.  Type the following command: Get-PasswordPolicy and press enter.

Note:
To get a specific password policy type Get-PasswordPolicy <name>

1.1.8        Modify a Password Policy using the PowerShell Cmd’Let..

1.  Type the following command: Modify-PasswordPolicy –name “ <name of the policy in (1.1.2)>” --PasswordComplexityEnabled $True –AppliesToAdd Domain\User  and press enter.

Note:
You have now modified the existing password policy and changed the Password Complexity Setting to Enabled and linked a user to the policy.

Comments

# Christoffer Andersson said on juli 14, 2007 12:31:

Fine Grain Password Policy Tool Beta 1 is ready! Build: FGPP Beta 1_2228-20070706.0 Branch: FGPP-Beta1-branch

# Björn Österman's Infrastructural Programming? said on juli 16, 2007 08:53:

I Windows Server 2008 kommer en ny funktion som heter "Fine-grained Password Policy" (FGPP) som innebär...

# Christoffer Andersson [AD MVP] said on augusti 6, 2007 03:30:

Fine Grain Password Policy Tool Beta 1 is ready! Authors:Christoffer Andersson.Microsoft MVP – Directory...

# Björn Österman's Infrastructural Programming? said on augusti 13, 2007 20:29:

Hi I've created a CmdLet called Convert-Username. It's a wrapper around the Microsoft API DsCrackNames,...

# Maria Green said on augusti 17, 2007 00:02:

In Windows Server 2008 we get something called Password Settings Objects or PSOs that makes it possible

# eXtreme. cool technology. live life on the edge. said on augusti 29, 2007 05:40:

In Server 2003 or R2 one of the major limitations was the ability to only have one password policy per

# Christoffer Andersson said on februari 5, 2008 21:57:

Fine Grain Password Policy Tool Beta 2 is ready! Build: FGPP Beta 2_2256-20080120.1 Branch : FGPP-Beta2-branch.

# Christoffer Andersson [AD MVP] said on februari 5, 2008 22:07:

Fine Grain Password Policy Tool Beta 2 is ready! Build: FGPP Beta 2_2256-20080120.1 Branch : FGPP-Beta2

# Christoffer Andersson said on oktober 6, 2008 16:46:

General Information This build is very close to RTM quality and is “feature complete” we have resolved

# Christoffer Andersson [AD MVP] said on oktober 6, 2008 16:52:

General Information This build is very close to RTM quality and is &ldquo;feature complete&rdquo; we

Anonymous comments are disabled