Multiple Password Policies in Active Directory

🔒 Secure Bits 💡
Need Multiple Password Policies in Active Directory?

Many admins try to enforce different password rules via GPOs on OUs, only to find out it doesn't work.

Why?
🔹 GPO password policy applies only to computer objects.
🔹 Each domain supports only ONE account policy, applied at the domain root.

So how do you apply different rules for different users?

✅ Fine-Grained Password Policies (FGPP)
FGPP lets you create multiple password policies targeted at users or groups, without touching your GPO password policy.

💡 Example Use Case:
🔹 Users → 12 characters (Enforced by GPO)
🔹 Admins → 17 characters (Enforced by FGPP)

🛡 How to set password length?
You can follow:
🔸 CIS Benchmark:
→ 14 characters minimum
🔸 NIST SP 800-63:
→ 8 characters minimum
🔸 Czech regulation (Vyhláška 82/2018):
→ Users → 12 chars
→ Admins → 17 chars
→ Service accounts → 22 chars

FGPP is configured in Active Directory Administrative Center.
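
The same policy can also be scripted with the ActiveDirectory PowerShell module and then checked per user. This is an added example, not part of the original post; the group name `Tier0-Admins`, the PSO name `PSO-Admins-17`, and every setting other than the 17-character minimum are assumptions.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory (RSAT) module
# and rights to create Password Settings Objects (PSOs).
Import-Module ActiveDirectory

$groupName = 'Tier0-Admins'    # hypothetical group; PSOs target users or global security groups
$psoName   = 'PSO-Admins-17'   # hypothetical PSO name
$minLength = 17                # admin minimum from the use case above

# Create the PSO once. Only MinPasswordLength comes from the post; the rest are placeholders.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$psoName'")) {
    New-ADFineGrainedPasswordPolicy -Name $psoName `
        -Precedence 10 `
        -MinPasswordLength $minLength `
        -ComplexityEnabled $true `
        -ReversibleEncryptionEnabled $false `
        -PasswordHistoryCount 24 `
        -MinPasswordAge '1.00:00:00' `
        -MaxPasswordAge '365.00:00:00' `
        -LockoutThreshold 10 `
        -LockoutObservationWindow '00:15:00' `
        -LockoutDuration '00:15:00' `
        -ProtectedFromAccidentalDeletion $true
}

# Link the PSO to the group unless it is already a subject.
$group  = Get-ADGroup -Identity $groupName
$linked = Get-ADFineGrainedPasswordPolicySubject -Identity $psoName |
    Where-Object DistinguishedName -eq $group.DistinguishedName
if (-not $linked) {
    Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $group
}

# Verify: report the policy that actually wins for each member. A null result means no
# PSO applies and the domain-wide policy is in effect.
$domainMin = (Get-ADDefaultDomainPasswordPolicy).MinPasswordLength
Get-ADGroupMember -Identity $group -Recursive |
    Where-Object objectClass -eq 'user' |
    ForEach-Object {
        $rsop = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
        $len  = if ($rsop) { $rsop.MinPasswordLength } else { $domainMin }
        [pscustomobject]@{
            User            = $_.SamAccountName
            EffectivePolicy = if ($rsop) { $rsop.Name } else { 'domain policy' }
            MinLength       = $len
            Compliant       = ($len -ge $minLength)
        }
    } | Sort-Object Compliant, User | Format-Table -AutoSize
```

The minimum length is checked when a password is set or changed, so existing shorter passwords stay valid until then.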

🔗 Want to learn more like this? Check out our AD security course:
👉 https://academy.horizon-secured.com/p/active-directory-password-policies

How are you handling password policies in your environment? 👇