Windows Server 2008 Active Directory is a
feature called fine grained password policies (FGPPs).In Server 2000 and 2003.
Active Directory domains, you could apply only
one password and account lockout policy to all users in the domain, so if you
wanted different password and account lockout settings for different sets of
users, you had to either create a password filter or deploy multiple domains.
In Windows Server 2008 you can use fine grained password policies to specify
multiple password policies, apply different password restrictions and account
lockout policies to different sets of users within a single domain. FGPPs
become available once the domain has been promoted to Windows Server 2008
Domain Functional Level.
To store fine grained password policies,
Windows Server 2008 includes two new object classes in the Active Directory
Domain Services schema Password Settings Container and Password Settings. The
Password Settings Container object class is created by default under the System
container in the domain. It stores the Password Settings objects (PSOs) for
that domain. You cannot rename, move, or delete this container. Policies you
create are represented by Password Setting Objects within Active Directory. To
manage PSOs you need to use ADSI Edit or an LDIF file.
Posts
0 comments:
Post a Comment