Solved

Fine Grained Password Policy Best Practice

Posted on 2015-01-19
2
116 Views
Last Modified: 2015-05-11
Hello,

I'm looking for a documentation on best practice Fine grained passwords policy as far as implementation in an organization. I'm not looking for configuration document.
What's the best practice password policy with FGPP.
an FGPP for
1-VIP
2-Admins level 1
3-Admins level 2

What's new with FGPP on Windows server 2012 beside graphical interface ???

I have to sell the technology beside technical possibility offert by FGPP.

I can't find any doc on the net on which i can rely on beside how to configure FGPP document.....

Thank you

Best Regards,
0
Comment
Question by:AMATERASOU
2 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40558176
Take a look at the following technet below whcih provides both steps and also PSO structure and special considerations.

Basically other than the UI for PSO's in 2012 there is really no other differences. You won't find a clear cut Best Practices when using PSO other then some considerations. Basic Password principals apply. Also every environment is different and using PSO's allows you to create "out of the norm" password policies that different from the default domain policy.

Some things to take into consideration "which are mentioned in the technet" are using Security Groups rather then using OU's to apply the policies. This way you can add/remove users from the Security Group rather than move them into an OU and have the user lose or have to re-jig group policies to apply correctly for that specific group of users.

FGPP Info

Will.
0
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 40558178
I believe you are asking for best practices concerning password policies, realizing that FGPP are just one tool now available to implement those policies.  Password policies are still debated by the security experts I've listened to in the past.  I still come across folks who advocate for account lockouts, other who indicate that lockouts are now only a mechanism which makes some DoS easier for attackers.  There are a LOT of recommendations, and some of them conflict.

So, I think you'll want to look at some of the articles on Password Policies in general.  "Rethinking Password Policies" and "Password Management" for example.  Next consider your user community(communities).  If they're homogenous, and all have roughly the same security requirements, then you probably do not need FGPP.  If you have different needs amongst different groups of users, you may want to consider implementing FGPP.  (For example, does the maintenance worker who only logs into the system to access their time sheet and print need the same type of sixteen character complex password that your database administrators may need?)  Before FGPP were available, it was fairly painful to implement different password policies for different groups of users.  But again... it's just one more tool, but you need to look at your users to determine if this tool is appropriate.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will review the basic installation and configuration for Windows Software Update Services (WSUS) in a Windows 2012 R2 environment.  WSUS is a Microsoft tool that allows administrators to manage and control updates to be approved and ins…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question