What is a fine-grain password and account lockout policy?
What is a fine-grain password and account lockout policy?
Rating:
A fine-grain password and account lockout policy is a collection of various policies. When a GPO is configured to apply password and account lockout policies, these policies are applied for the entire domain. In order to set a different password or account lockout polices based on account roles in a domain, a new feature called fine-grain password and account lockout policy has been introduced in Windows Server 2008. Fine-grain policies can be applied only to users and global security groups. These policies cannot be applied to sites, domains, and organizational units (OUs). More than one fine-grain policy can be applied to a user or group. In case of a conflict, a policy having a lower precedence value will take precedence over the other. To support fine-grain policies, two new Active Directory object classes have been added to Active Directory Schema-Password Settings Container (PSC) and Password Settings Objects (PSO). Fine-grain policies can be created through the ADSI Edit graphics utility. Administrators can also use LDIFDE for scripting the operation at the command prompt.
Rating:
Other articles
- What is LDIFDE?
- What are ADMX files?
- How to add a domain user in a Windows Server 2008 domain controller?
- What are the Administrative Templates group policy settings?
- What is restartable Active Directory Domain Services?