Solved

Fine Grained Password Policy Best Practice

Posted on 2015-01-19
Last Modified: 2015-05-11
Hello,

I'm looking for documentation on best practices for Fine-Grained Password Policy as far as implementation in an organization goes. I'm not looking for a configuration document.
What's the best practice password policy with FGPP?
An FGPP for:
1-VIP
2-Admins level 1
3-Admins level 2

What's new with FGPP on Windows Server 2012 besides the graphical interface?

I have to sell the technology, besides the technical possibilities offered by FGPP.

I can't find any doc on the net that I can rely on, besides documents on how to configure FGPP.

Thank you

Best Regards,
Question by:AMATERASOU
2 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40558176
Take a look at the following TechNet article below, which provides both steps and also PSO structure and special considerations.

Basically, other than the UI for PSOs in 2012, there are really no other differences. You won't find clear-cut best practices when using PSOs, other than some considerations. Basic password principles apply. Also, every environment is different, and using PSOs allows you to create "out of the norm" password policies that differ from the default domain policy.

Some things to take into consideration, "which are mentioned in the TechNet", are using Security Groups rather than using OUs to apply the policies. This way you can add/remove users from the Security Group rather than move them into an OU and have the user lose or have to re-jig group policies to apply correctly for that specific group of users.

FGPP Info

Will.
 
LVL 29

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 40558178
I believe you are asking for best practices concerning password policies, realizing that FGPP are just one tool now available to implement those policies. Password policies are still debated by the security experts I've listened to in the past. I still come across folks who advocate for account lockouts, others who indicate that lockouts are now only a mechanism which makes some DoS easier for attackers. There are a LOT of recommendations, and some of them conflict.

So, I think you'll want to look at some of the articles on Password Policies in general: "Rethinking Password Policies" and "Password Management", for example. Next, consider your user community (communities). If they're homogenous, and all have roughly the same security requirements, then you probably do not need FGPP. If you have different needs amongst different groups of users, you may want to consider implementing FGPP. (For example, does the maintenance worker who only logs into the system to access their time sheet and print need the same type of sixteen-character complex password that your database administrators may need?) Before FGPP were available, it was fairly painful to implement different password policies for different groups of users. But again... it's just one more tool, but you need to look at your users to determine if this tool is appropriate.
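The two answers above come down to one PSO per user tier, applied to security groups rather than OUs. The following sketch is an added example, not part of either answer and not taken from the TechNet article; it assumes the ActiveDirectory PowerShell module, and the group names, PSO names, sample account and every numeric value are hypothetical placeholders rather than recommendations.

```powershell
Import-Module ActiveDirectory

# Hypothetical tiers matching the question. A lower Precedence value wins
# when a user is a member of more than one group that has a PSO.
$tiers = @(
    @{ Pso = 'PSO-Admins-L2'; Group = 'GG-Admins-L2'; Precedence = 10; MinLength = 16 }
    @{ Pso = 'PSO-Admins-L1'; Group = 'GG-Admins-L1'; Precedence = 20; MinLength = 14 }
    @{ Pso = 'PSO-VIP';       Group = 'GG-VIP';       Precedence = 30; MinLength = 12 }
)

foreach ($t in $tiers) {
    # PSOs apply only to users and global security groups, never to OUs.
    $group = Get-ADGroup -Filter "Name -eq '$($t.Group)'"
    if (-not $group) {
        Write-Warning "Group $($t.Group) not found; skipping $($t.Pso)"
        continue
    }
    if ($group.GroupScope -ne 'Global' -or $group.GroupCategory -ne 'Security') {
        Write-Warning "$($t.Group) is not a global security group; skipping"
        continue
    }

    # Create the PSO only if it does not exist yet. Lockout settings are left
    # at the cmdlet defaults here; set them to match your own lockout decision.
    if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$($t.Pso)'")) {
        New-ADFineGrainedPasswordPolicy -Name $t.Pso -Precedence $t.Precedence `
            -MinPasswordLength $t.MinLength -ComplexityEnabled $true `
            -PasswordHistoryCount 24 -MaxPasswordAge (New-TimeSpan -Days 90) `
            -ReversibleEncryptionEnabled $false `
            -ProtectedFromAccidentalDeletion $true
    }

    # Link the group to the PSO unless it is already a subject.
    $linked = Get-ADFineGrainedPasswordPolicySubject -Identity $t.Pso |
        Where-Object { $_.DistinguishedName -eq $group.DistinguishedName }
    if (-not $linked) {
        Add-ADFineGrainedPasswordPolicySubject -Identity $t.Pso -Subjects $group
    }
}

# Check which policy actually applies to one account (hypothetical name).
# No output object means the account falls back to the default domain policy.
$resultant = Get-ADUserResultantPasswordPolicy -Identity 'jdoe'
if ($resultant) {
    $resultant | Select-Object Name, Precedence, MinPasswordLength
} else {
    'No PSO applies; the default domain policy is in effect.'
}
```

A PSO linked directly to a user object overrides any PSO the user receives through group membership, so the resultant-policy check is worth running for accounts that sit in several tiers.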