Solved

Windows 2008 Fine Grant Passwords and Delegation

Posted on 2010-08-23
2
497 Views
Last Modified: 2012-08-13
Right now I have a 2008 parent child domain. MY parent domain is just a place holder and all of my user account are in my child domain. Right now my help Desk has the ability to reset user passwords.
Today I found out that management wants to how have two password policies for our child domain.
1) one for regaulr users and the other for admins
2) The help desk also needs the ability to unlock user accounts

how can I setup two password policies? I know you can do this in 2008 but I never did it before? Ca nI have 2 password policies in a child domain only? What additonal permissions do i need to give my help desk in order for them to unlock uer accounts?

Can I use dsquery or dsget to dump all current A.D permission groups currently have...
0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 33506650
In order to use Fine Grained Password Policy you will need to make sure that first you are running domain functional level 2008. If this is true follow the step-by-step guide here and you should be on your way.
http://technet.microsoft.com/en-us/library/cc770842(WS.10).aspx
and
http://technet.microsoft.com/en-us/library/cc770394(WS.10).aspx
0
 
LVL 20

Author Comment

by:compdigit44
ID: 33509654
It is ok to run a fine grain pws policy in a child domain and not the parent?

What permission do I need to give my help desk users in AD in order for them to unlock accounts?

0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question