Configure Fine-grained Password Policies In Windows Server 2008
Specops Password Policy Basic is a commercial program for Microsoft Windows to manage fine-grained password policies on Windows Server.
So called fine-grained password policies is a new feature of Windows Server 2008. This new feature allows system administrators to configure password policies for different user groups. Windows Server 2003 was not as flexible as it only allowed to set one password policy for all users.
A password policy restricts passwords, for instance by enforcing a minimum length or complexity to avoid that users pick easy to guess passwords or basic passwords such as qwerty.
Specops Password Policy Basic
The manual configuration of fine-grained password policies requires quite some time. A software program like Specops Password Policy Basic is therefore a handy addition for every system administrator who wants to configure the new password policy on Windows Server 2008 or newer versions of Windows Server.
The program is available as a trial version, and as a commercial software version. It requires the Microsoft .net Framework 2, the Microsoft Management Console and PowerShell.
The interface of the application makes it less time consuming to configure password policies for specific user groups in Windows Server. It basically centers around creating, configuring and managing password policies.
The following parameters can be defined for each password policy:
A Password Settings object (PSO) has attributes for all the settings that can be defined in the Default Domain Policy (except Kerberos settings). These settings include attributes for the following password related values:
- Enforce password history
- Maximum password age
- Minimum password age
- Minimum password length
- Passwords must meet complexity requirements
- Store passwords using reversible encryption
- Account lockout duration
- Account lockout threshold
- Reset account lockout after
User groups can be added to newly created policies. It has to be noted that user groups cannot be empty as empty user groups cannot be added to password policies.
The program displays an overview of all password policies on the computer system. The order can be changed which is important if users are members of multiple user groups.
Here is a product demonstration by the company that you may find useful as it highlights how the program works.
A trial of Specops Password Policy Basic can be downloaded from the developer's homepage.
Verdict
Specops Password Policy Basic is a useful program for Windows Server administrators who want better management options when it comes to password policies.
Leave a Reply