Chapter 10. Fine-grained password policies

 

Now that you’ve learned how to administer your environment using Group Policies, it’s time to look at customizing the password settings in your domain. You’ll perform this task using fine-grained password policies, which are also known as Password Settings Objects (PSOs). The two terms are used interchangeably in this chapter. They enable you to have multiple password policies in the domain, which means your organization saves the cost of having multiple domains. PSOs make security more granular and enable you to apply stricter password requirements to sensitive groups such as your administrators.

The chapter starts with an overview of the concepts surrounding PSOs. After this short theory section, we’ll get back to the practical nature of administering Active Directory by showing you how to create, apply, and test fine-grained password policies.

Once the policies have been created, you need to be able to apply them to your users and groups. There are times when you need to determine the password policy that applies to a particular user. This technique is covered in the last section of the chapter. A number of practical exercises are supplied throughout the chapter, culminating in a lab section to close the chapter.

Before you can learn to manage these objects, you need to understand what they are and what they can do for your environment.

10.1. Fine-grained password policy concepts

 
 

10.2. Creating fine-grained password policies

 
 

10.3. Determining policies that exist in the domain

 
 
 

10.4. Applying PSOs to users and groups

 
 
 
 

10.5. Testing the results of a policy applied to a user using PowerShell

 
 

10.6. LAB

 
 
 
 

10.7. Ideas for on your own

 
 
sitemap

Unable to load book!

The book could not be loaded.

(try again in a couple of minutes)

manning.com homepage
test yourself with a liveTest