Configuring password policy in Windows Server 2008 (fine grained password policies).

In Windows Server 2000 or Windows Server 2003, only one password policy could be applied to all users in the domain. In Windows Server 2008 we can define different password policies for different sets of users in a domain. This features is named ??ofine grained password policies???

In this way we can have one password policy for VIP users and other password policy for common users.

How to configuring fine grained password policies?

1. Run ADSIEdit console
2. Connect with domain controller
3. Choose ??oSystem??? container and right click ?Password Settings Container??? (this is new container with contain fine grained password policies)
4. Choose new object and msDN-PasswordSetings

5. Write name of policy
6. Complete all settings:
??c Enforce password history (according to Your password policy)
??c Maximum password age (according to Your password policy)
??c Minimum password age (according to Your password policy)
??c Minimum password length (according to Your password policy)
??c Passwords must meet complexity requirements (true or false)
??c Store passwords using reversible encryption (true or false)
??c Account lockout duration (according to Your password policy)
??c Account lockout threshold (according to Your password policy)
??c Reset account lockout after (according to Your password policy)
7. The last configuration setting is attribute ?msDS-PSOAppliesTo???. This is ?Distinguished Name??? of users or groups to with fine grained password policies is applied.