Configure Fine-grained Password Policies In Windows Server 2008

Martin Brinkmann
May 20, 2009
Updated • May 23, 2018
Software, Windows software

Specops Password Policy Basic is a commercial program for Microsoft Windows to manage fine-grained password policies on Windows Server.

So called fine-grained password policies is a new feature of Windows Server 2008. This new feature allows system administrators to configure password policies for different user groups. Windows Server 2003 was not as flexible as it only allowed to set one password policy for all users.

A password policy restricts passwords, for instance by enforcing a minimum length or complexity to avoid that users pick easy to guess passwords or basic passwords such as qwerty.

Specops Password Policy Basic

password policy

The manual configuration of fine-grained password policies requires quite some time. A software program like Specops Password Policy Basic is therefore a handy addition for every system administrator who wants to configure the new password policy on Windows Server 2008 or newer versions of Windows Server.

The program is available as a trial version, and as a commercial software version. It requires the Microsoft .net Framework 2, the Microsoft Management Console and PowerShell.

The interface of the application makes it less time consuming to configure password policies for specific user groups in Windows Server. It basically centers around creating, configuring and managing password policies.

The following parameters can be defined for each password policy:

A Password Settings object (PSO) has attributes for all the settings that can be defined in the Default Domain Policy (except Kerberos settings). These settings include attributes for the following password related values:

  • Enforce password history
  • Maximum password age
  • Minimum password age
  • Minimum password length
  • Passwords must meet complexity requirements
  • Store passwords using reversible encryption
  • Account lockout duration
  • Account lockout threshold
  • Reset account lockout after

password policies

User groups can be added to newly created policies. It has to be noted that user groups cannot be empty as empty user groups cannot be added to password policies.

The program displays an overview of all password policies on the computer system. The order can be changed which is important if users are members of multiple user groups.

Here is a product demonstration by the company that you may find useful as it highlights how the program works.

A trial of Specops Password Policy Basic can be downloaded from the developer's homepage.


Specops Password Policy Basic is a useful program for Windows Server administrators who want better management options when it comes to password policies.

software image
Author Rating
no rating based on 0 votes
Software Name
Specops Password Policy
Operating System
Software Category
Landing Page

Tutorials & Tips

Previous Post: «
Next Post: «


There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.