Configure the precise password policy and account lockout policy in Windows Server 2008

Source: Internet
Author: User

In Windows 2000 and Windows 2003 Active Directory domains, we can only apply a password policy and account lockout policy for all user configurations in Default Domain policy, if we need to develop different password and account lockout policies for special users. We can only create a new domain by creating a method, because a previous domain can only use one password and account lockout policy.

A new feature, called an exact password policy, is added to Windows Server 2008 ADDS, which can be used to define multiple password policies in a domain and apply it to users or global security groups, noting that they are not applied to OUs, and to use this feature, We need to use the ADSIEdit editor to create password Settings objects (PSOs) for the domain, and here's how to do it:

First open the ADSIEdit editor in 08DC, and navigate to the following diagram position:

Right-click the Cn=password Settings Container node to select New and select the "msds-passwordsettings" category in the pop-up window, as shown in the following illustration:

Enter a name for the new password Settings objects in the Immediate window, as shown in the following illustration:

Set a value for the Msds-passwordsettingsprecedence property in the pop-up window, which is the priority setting, and if more than one password policy in the domain is linked directly to the user, the policy with the smallest priority value will be applied, as shown in the following figure:

In the pop-up window set a Boolean value for the Msds-passwordreversibleencryptionenabled property, you can set the False/true, which corresponds to the "Store password with reversible encryption" setting in Group Policy, after setting false, click "Next", as shown in the following illustration:

In the pop-up window, set a value for the Msds-passwordhistorylength property, which corresponds to the Enforce password history setting in Group Policy, with a range of 0-1024 available, and then click Next after this setting, as shown in the following illustration:

Set a Boolean value for the Msds-passwordcomplexityenabled property in the pop-up window to set the False/true, which corresponds to the "Password must meet complexity requirements" setting in Group Policy, set to Enabled, click Next, as shown in the following illustration:

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.