Step-by-Step Fine-Grained Password Policy in Windows 2012 R2

Overview

This article provides a step-by-step guide on Fine-Grained Password Policy in Windows 2012 R2.  Although Microsoft had introduced this functionality in Windows 2008, the process has been simplified through the graphical interface.

Guidance

Launch Active Directory Administrative Center from within Server Manager under Tools.

Launch Active Directory Administrative Center

Click on the Tree View, under the appropriate domain expand System. Locate Password Settings Container, right-click and choose New, Password Settings.

Fined-Grained-Password-Policy-02

A new window with password options will appear.  Populate it with the appropriate policy settings and name it appropriately.  Utilize a name that conforms with your naming convention scheme.  In our instance, we utilized a numbered policy name as we utilize numbers to track numbers.

We also suggest providing a brief description so that it will be easier to identify the purpose of the policy and include items such as author and date.

Fined-Grained-Password-Policy-03

Note:  The following Microsoft Technet article “Password Policy” provides further information on the above options.

Next, click on the Add button and enter the names of the groups that you wish to apply the policy.  In this instance we will apply the policy to the GP_LOCAL_ADMINS group which is used for managing the desktop infrastructure.  Click OK to apply it to the group.

Fined-Grained-Password-Policy-04

Ensure that the group is listed under Directly Applies To.  

Fined-Grained-Password-Policy-05

References

Step-by-Step Fined-Grained Password Policy in Windows 2008

 

Leave a Comment