?
Solved

Windows 2008 Fine Grant Passwords and Delegation

Posted on 2010-08-23
2
Medium Priority
?
500 Views
Last Modified: 2012-08-13
Right now I have a 2008 parent child domain. MY parent domain is just a place holder and all of my user account are in my child domain. Right now my help Desk has the ability to reset user passwords.
Today I found out that management wants to how have two password policies for our child domain.
1) one for regaulr users and the other for admins
2) The help desk also needs the ability to unlock user accounts

how can I setup two password policies? I know you can do this in 2008 but I never did it before? Ca nI have 2 password policies in a child domain only? What additonal permissions do i need to give my help desk in order for them to unlock uer accounts?

Can I use dsquery or dsget to dump all current A.D permission groups currently have...
0
Comment
Question by:compdigit44
2 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 33506650
In order to use Fine Grained Password Policy you will need to make sure that first you are running domain functional level 2008. If this is true follow the step-by-step guide here and you should be on your way.
http://technet.microsoft.com/en-us/library/cc770842(WS.10).aspx
and
http://technet.microsoft.com/en-us/library/cc770394(WS.10).aspx
0
 
LVL 20

Author Comment

by:compdigit44
ID: 33509654
It is ok to run a fine grain pws policy in a child domain and not the parent?

What permission do I need to give my help desk users in AD in order for them to unlock accounts?

0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question