Manage Fine-Grained Password Policies

Fine-grained password policies enable you to define multiple password and account lockout policies within a domain. This capability allows you to apply different levels of security to different users and groups. For example, you can apply strict policies to privileged users, such as administrators, and less severe policies to other users.

Password policies can only be managed in Active Directory domains.

In this tutorial, you will learn how to configure and manage Fine-Grained Password Policies using Adaxes.

  1. Launch Adaxes Administration Console.

    Right-click a domain, point to All Tasks, and click Configure Password Policies in the context menu.

    To use Fine-Grained Password Policies, the domain functional level must be at least Windows Server 2008.

  2. The Password Policies dialog allows you to manage fine-grained password policies and the default domain password policy that is normally configured in the Default Domain Policy GPO.

    To create, edit and delete policies, use the buttons located at the bottom of the Password Policies list.

  3. To assign a policy, select it in the list and click Add in the Applies To section.

    Fine-grained password policies can be applied to global security groups or individual user accounts.

  4. If two or more password policies are applied to one and the same user, the policy with a higher precedence will be in effect. To change the precedence of a policy, select it and use the buttons.

    To view all users affected by a password policy, select it and click Show all affected users.

    To find out which policy is effective for a specific user, click Lookup policy for user.

    Alternatively, to determine which password policy is applied to a user, you can use the Properties dialog.

    • Right-click a user account and click Properties in the context menu.

    • Activate the Account tab.

    • In the Password section, click Password Policy.