How to: Managing Fine-Grained Password Policy in Windows Server 2012

Now we have the possibility to look at the new features in Windows Server 2012, and I will in future posts describe some of them.

In this post you can see a demonstration of how to create and configure Fine-Grained Password Policy on a Windows Server 2012 domain controller through the Active Directory Administrative Center. You can get more detailed information of the Fine-Grained Password Policy configuration with Server 2008 (R2) in my previous post, http://masteringwindows.blogspot.com/2012/03/managing-fine-grained-password-policy.html

As described in the previous post, the creation and configuration of a Password Setting Object (PSO) was a little difficult and you needed the ADSI Editor to create the PSO in a graphically way.

Windows Server 2012 addresses this by making the creation and configuring possible through the Active Directory Administrative Center in an easy way, as I will demonstrate in the following.

1. There are several ways to start the Active Directory Administrative Center on a Windows Server 8 Beta domain controller. One way is by Start screen and in the Metro-style interface click on Active Directory Administrative Center.

2.  In the Active Directory Administrative Center you can change the left pane to show the traditional tree view. Expand your domain and then locate and expand the System container

3.   In the System container locate the Password Setting Container from where you can create and manage your PSO.

4. When you select the Password Setting Container you can create a PSO by selecting the New option the Task pane in the right side of the screen.

5. As you can see, you now have a single screen where you can configure all attributes in the PSO inclusive the user or group the PSO applies to – beautiful!

In this case I create a PSO that applies to the IT Managers group.

6. If you need to examine a specific user for an applied PSO you can do that easily in a GUI fashion, just by right-clicking the user and select View resultant password settings…

Summary

The Fine-Grained Password Policy feature offers you the ability to make dedicated password and account lockout policies in your enterprise and on a Windows Server 2012 domain controller the configuration is simple and straightforward. Actually I haven’t seen a 3.party tool that gives you the same intuitive GUI.