Manage Fine-Grained Password Policies
Starting from Windows Server 2008 onwards, it is possible to define different password and account lockout policies for different sets of users in Active Directory. In Windows Server 2000 and Windows Server 2003 Active Directory domains, only one password policy and account lockout policy can be applied to all users in the domain.
- launch Adaxes Administration Console,
- right-click the domain you need,
- point to All Tasks,
- click Raise Domain Functional Level.
Fine-grained password policies enable you to define multiple password and account lockout policies within a domain. This capability allows you to apply different levels of security to different users and groups. For example, you can apply strict policies to privileged users (such as administrators and help desk personnel) and less severe policies to other users.
In this tutorial, you will learn how to configure and manage Fine-Grained Password Policies using Adaxes.
Launch Adaxes Administration Console, right-click the domain, for which you want to configure fine-grained password policies, point to All Tasks, and select Configure Password Policies from the context menu.
The Password Policies dialog displays an overview of the password policies currently defined in the domain.
To define a new password policy:
- Click the New button located under the Password policies list.
- In the New Password Policy dialog that opens, type a name for the new password policy and specify necessary password and account lockout settings.
- Click OK.
- Click the Add button located under the Applies to list to apply the new password policy to users and groups you need.
- Select the users and groups you need.
- Click OK.
To change the precedence order of a password policy, select this policy in the Password policies list and use Move Up and Move Down buttons.
To view all users affected by a password policy, select the password policy you need and click the Show All Affected Users button located under the Applies to list.
To view the password policy effective for a specific user, click Lookup Policy for User. In the Select User dialog, select the user you need and click OK. The password policy effective for the selected user will be highlighted.
Alternatively, to view the password policy effective for a user (not using the Password Policies dialog), do the following:
- Right-click the user you need and click Properties.
- Select the Account tab.
- In the Password section, click Password Policy.
The View Password Policy dialog will display Password Policy restrictions effective for the selected user.