Comments on: Fine-Grained Password Policy in Active Directory

By: Myles

Myles — Wed, 31 Mar 2021 08:32:29 +0000

You might want to try reading what you have written as the quality of the english is poor.

By: Shareef

Shareef — Fri, 18 Sep 2020 16:03:39 +0000

Stuff is Great

By: Mukhtar

Mukhtar — Fri, 18 Sep 2020 16:00:33 +0000

Good article about Fine grained Password policy. In Detailed explanation with screen shots .Thank you Romain Serre for posting this article

By: Wim Rijksen

Wim Rijksen — Thu, 16 Apr 2020 14:45:30 +0000

Hi! Thank you for this very helpful piece.
However, I found an error in the section “Remove default password policy on Active Directory”.
You write: Open Software Settings, Windows Settings, Security Settings, Account Policies and Password Policies.
But it should be: Open Computer Configuration, Policies, Windows Settings, Security Settings, Account Policies and Password Policies.
The screenshot you added is correct but the text is not.
Thank you, bye!

By: Steve Poirier

Steve Poirier — Fri, 17 Jan 2020 16:08:34 +0000

We have a Default Domain Policy that manage password rules. We also create a Fine-Grained Password Policy in Active Directory for a selected group. The policy work fine but if we run a gpresult /r for one of the selected user with the fine grain policy we get the Default Domain Policy Filtering: Denied (Security).

Is this a normal behavior? Also, does all other policy push by the Default Domain Policy should be apply if we add a Fine grain Policy?

By: Romain Serre

Romain Serre — Fri, 15 Mar 2019 08:12:04 +0000

Yes you’re right. It what I mean

By: Jerome Cherry

Jerome Cherry — Tue, 12 Mar 2019 19:17:18 +0000

A sentence may have an error:

When PSO is applied on some users, there are no longer using password policy from Default Policy Settings GPO. Instead they use the PSO settings.

Do you mean: “…they are no longer using passwored policy from Default Policy Settings GPO”?

Thanks for your information. I am studying network securiy in college.

By: Romain Serre

Romain Serre — Fri, 09 Nov 2018 12:10:03 +0000

Hey,

The policy will be applied the next time they change password. But you can enforce to ask to change password immediately to all domain users.

By: sometechstuff

sometechstuff — Tue, 06 Nov 2018 20:15:39 +0000

If I add a password policy, where there was none, will it affect users “immediately” or only the next time they try to change their password. For example, a user has a 6 character password and we implement a minimum of 8 characters. We would like it not to affect users right away, but rather we will tell users to change their passwords, and at that time, follow the new password policy. Thanks

By: Romain Serre

Romain Serre — Fri, 09 Feb 2018 09:06:52 +0000

Yes indeed. If you apply the FGPP to a user, the policy follow the user and FGPP policy has priority against default domain policy.