  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 175

Fine Grained Password Policy Best Practice

Hello,

I'm looking for documentation on best practices for fine-grained password policies as far as implementation in an organization goes. I'm not looking for a configuration document.
What's the best practice password policy with FGPP?
An FGPP for
1-VIP
2-Admins level 1
3-Admins level 2

What's new with FGPP on Windows Server 2012 besides the graphical interface?

I have to sell the technology, besides the technical possibilities offered by FGPP.

I can't find any doc on the net that I can rely on besides "how to configure FGPP" documents.

Thank you

Best Regards,
Asked by: AMATERASOU

1 Solution

Will Szymkowski, Senior Solution Architect, Commented:
Take a look at the following TechNet article below, which provides both steps and also PSO structure and special considerations.

Basically, other than the UI for PSOs in 2012, there are really no other differences. You won't find clear-cut best practices when using PSOs other than some considerations. Basic password principles apply. Also, every environment is different, and using PSOs allows you to create "out of the norm" password policies that differ from the default domain policy.

Some things to take into consideration, which are mentioned in the TechNet article, are using Security Groups rather than OUs to apply the policies. This way you can add/remove users from the Security Group rather than move them into an OU and have the user lose, or have to re-jig, group policies to apply correctly for that specific group of users.

FGPP Info

Will.

Rich Weissler, Professional Troublemaker^h^h^h^h^hshooter, Commented:
I believe you are asking for best practices concerning password policies, realizing that FGPP are just one tool now available to implement those policies.  Password policies are still debated by the security experts I've listened to in the past.  I still come across folks who advocate for account lockouts, and others who indicate that lockouts are now only a mechanism which makes some DoS easier for attackers.  There are a LOT of recommendations, and some of them conflict.

So, I think you'll want to look at some of the articles on Password Policies in general.  "Rethinking Password Policies" and "Password Management" for example.  Next consider your user community(communities).  If they're homogenous, and all have roughly the same security requirements, then you probably do not need FGPP.  If you have different needs amongst different groups of users, you may want to consider implementing FGPP.  (For example, does the maintenance worker who only logs into the system to access their time sheet and print need the same type of sixteen character complex password that your database administrators may need?)  Before FGPP were available, it was fairly painful to implement different password policies for different groups of users.  But again... it's just one more tool, but you need to look at your users to determine if this tool is appropriate.
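An added example, not part of either answer above: one PSO per tier from the question, linked to a global security group as the first answer recommends, followed by an audit of the policy each member actually receives. The group names, PSO names, precedence and minimum-length values are assumptions for illustration, not recommendations from this thread; the cmdlets come from the ActiveDirectory module.

```powershell
# Added example. Group names, PSO names and all policy values are assumptions.
Import-Module ActiveDirectory

# One PSO per tier. When a user is in several groups, the PSO with the
# lowest Precedence number is the one that applies.
$tiers = @(
    @{ Name = 'PSO-AdminsL2'; Group = 'GG-Admins-L2'; Precedence = 10; MinLength = 16 },
    @{ Name = 'PSO-AdminsL1'; Group = 'GG-Admins-L1'; Precedence = 20; MinLength = 14 },
    @{ Name = 'PSO-VIP';      Group = 'GG-VIP';       Precedence = 30; MinLength = 12 }
)

foreach ($t in $tiers) {
    # Create and link only if the PSO does not exist yet, so reruns are safe
    if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$($t.Name)'")) {
        New-ADFineGrainedPasswordPolicy -Name $t.Name -Precedence $t.Precedence `
            -MinPasswordLength $t.MinLength -ComplexityEnabled $true `
            -ReversibleEncryptionEnabled $false
        # Link the PSO to the global security group, not to an OU
        Add-ADFineGrainedPasswordPolicySubject -Identity $t.Name -Subjects $t.Group
    }
}

# Audit: compare the PSO each direct group member is expected to get with
# the one Active Directory actually resolves for that account.
$report = foreach ($t in $tiers) {
    Get-ADGroupMember -Identity $t.Group |
        Where-Object objectClass -eq 'user' |
        ForEach-Object {
            $effective = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
            $effectiveName = if ($effective) { $effective.Name } else { '(default domain policy)' }
            [pscustomobject]@{
                User         = $_.SamAccountName
                Group        = $t.Group
                ExpectedPSO  = $t.Name
                EffectivePSO = $effectiveName
                Mismatch     = ($effectiveName -ne $t.Name)
            }
        }
}

# Rows with Mismatch = True are accounts covered by a different PSO
# (for example a member of two tiers) or by no PSO at all.
$report | Sort-Object User | Format-Table -AutoSize
```

A mismatch is not necessarily an error: an account in both admin groups resolves to the PSO with the lower precedence number, which the report makes visible before the policy is relied on.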