Solved

Fine Grained Password Policy Best Practice

Posted on 2015-01-19
Last Modified: 2015-05-11
Hello,

I'm looking for documentation on best practices for Fine-Grained Password Policy as far as implementation in an organization. I'm not looking for a configuration document.
What's the best practice password policy with FGPP?
An FGPP for:
1-VIP
2-Admins level 1
3-Admins level 2

What's new with FGPP on Windows Server 2012 besides the graphical interface?

I have to sell the technology, besides the technical possibilities offered by FGPP.

I can't find any doc on the net on which I can rely, besides documents on how to configure FGPP.

Thank you

Best Regards,
0
Question by:AMATERASOU
2 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40558176
Take a look at the TechNet article below, which provides both steps and also PSO structure and special considerations.

Basically, other than the UI for PSOs in 2012, there are really no other differences. You won't find clear-cut Best Practices when using PSOs other than some considerations. Basic password principles apply. Also, every environment is different, and using PSOs allows you to create "out of the norm" password policies that differ from the default domain policy.

Some things to take into consideration, which are mentioned in the TechNet article, are using Security Groups rather than using OUs to apply the policies. This way you can add/remove users from the Security Group rather than move them into an OU and have the user lose or have to re-jig group policies to apply correctly for that specific group of users.

FGPP Info

Will.
0
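Added example (not part of the original thread or of either expert's reply): a read-only PowerShell audit of the security-group point in the comment above. It lists every PSO with its linked subjects, flags links that are not global security groups, warns on shared precedence values, and shows the policy in effect for one account; it assumes the ActiveDirectory RSAT module, and `jdoe` is a placeholder account name.

```powershell
# Added example: read-only audit of fine-grained password policies (PSOs).
# Assumes the ActiveDirectory RSAT module; 'jdoe' is a placeholder account.
Import-Module ActiveDirectory

$report = foreach ($pso in Get-ADFineGrainedPasswordPolicy -Filter *) {
    # AppliesTo lists the DNs of the users and groups the PSO is linked to.
    foreach ($dn in $pso.AppliesTo) {
        $obj  = Get-ADObject -Identity $dn
        $note = switch ($obj.ObjectClass) {
            'group' {
                $g = Get-ADGroup -Identity $dn
                if ($g.GroupScope -eq 'Global' -and $g.GroupCategory -eq 'Security') { 'OK' }
                else { 'Not a global security group: PSOs apply only to users and global security groups' }
            }
            { $_ -in 'user', 'inetOrgPerson' } {
                # A PSO linked directly to a user wins over any group-linked PSO.
                'Linked directly to a user: prefer group membership'
            }
            default { 'Unexpected object class for a PSO link' }
        }
        [pscustomobject]@{
            PSO        = $pso.Name
            Precedence = $pso.Precedence        # lowest value wins on conflict
            MinLength  = $pso.MinPasswordLength
            Lockout    = $pso.LockoutThreshold
            Subject    = $obj.Name
            Class      = $obj.ObjectClass
            Note       = $note
        }
    }
}
$report | Sort-Object Precedence, PSO | Format-Table -AutoSize

# PSOs sharing one precedence value make the winning policy hard to predict.
$report | Select-Object PSO, Precedence -Unique | Group-Object Precedence |
    Where-Object Count -gt 1 |
    ForEach-Object { Write-Warning "Precedence $($_.Name) shared by: $($_.Group.PSO -join ', ')" }

# Which policy actually applies to one account? An empty result means the
# default domain policy is in effect.
$effective = Get-ADUserResultantPasswordPolicy -Identity 'jdoe'
if ($effective) { $effective | Select-Object Name, Precedence, MinPasswordLength }
else { Get-ADDefaultDomainPasswordPolicy | Select-Object MinPasswordLength, LockoutThreshold }
```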
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 40558178
I believe you are asking for best practices concerning password policies, realizing that FGPP are just one tool now available to implement those policies.  Password policies are still debated by the security experts I've listened to in the past.  I still come across folks who advocate for account lockouts, others who indicate that lockouts are now only a mechanism which makes some DoS easier for attackers.  There are a LOT of recommendations, and some of them conflict.

So, I think you'll want to look at some of the articles on Password Policies in general.  "Rethinking Password Policies" and "Password Management" for example.  Next consider your user community (communities).  If they're homogeneous, and all have roughly the same security requirements, then you probably do not need FGPP.  If you have different needs amongst different groups of users, you may want to consider implementing FGPP.  (For example, does the maintenance worker who only logs into the system to access their time sheet and print need the same type of sixteen-character complex password that your database administrators may need?)  Before FGPP were available, it was fairly painful to implement different password policies for different groups of users.  But again... it's just one more tool, but you need to look at your users to determine if this tool is appropriate.
0


Question has a verified solution.