How to Configure and Deploy Fine-Grained Password Policies

I have a requirement to change the Minimum Password Length on my domain from 6 characters to 8 characters.  The DFL is W2K8.  I am trying to test this policy change on a few users before a sweeping domain change is made. I need to determine if all users will be immediately prompted to  change there passwords once this new is policy is turned on.  I originally thought that I could create a new GPO and link it to a single user to see what the RSOP would be.  

I discovered that to deploy more than one password policy on a W2K8 domain you must configure a Fine-Grain Password Policy to accomplish this task.   Does anyone have step-by-step instructions on how to configure Fine-Grain Password Policies?

Thank you,

Lipotech
lipotechSys EngAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Steven CarnahanNetwork ManagerCommented:
I need to determine if all users will be immediately prompted to  change there passwords once this new is policy is turned on

The users will not be prompted to change their password. The new policy will take effect the next time the user is required to change their password based on the current policy.

Here is a good step-by-step for setting up fine grain policy:

http://www.showmehowtodoit.com/step-by-step-fine-grained-password-policy-in-windows-2008/
0
Will SzymkowskiSenior Solution ArchitectCommented:
Couple of things...
Your DFL and FFL need to be at least 2008 Funcitonal Level to have Fine Grained Password Policies.
https://technet.microsoft.com/en-ca/library/cc770842(v=ws.10).aspx

I need to determine if all users will be immediately prompted to  change there passwords once this new is policy is turned on
They will NOT be prompted to change their password when this policy is applied to them. Their passwords will continue to work as normal until the password either expires or you force them to change it. At this time, they user will be required to use the new password policy that has been applied to them.

This is also the same when the user changes their password using the Ctrl+Alt+delete screen as well. If they try and change their password then it will take affect. If they do not the password stays the same.

Will.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
lipotechSys EngAuthor Commented:
Thank you.  Very helpful.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.