Configuring Granular Password Settings in Windows Server 2008, Part 2

by Jakob H. Heidelberg
Sept. 1, 2017 0 comments TechGenix windows client security

This last of two articles will give some useful background information about the granular password settings in Windows Server 2008. We will now deal with the new attributes on groups and user objects, the Password Settings Objects (PSO), the resultant PSO, design recommendations, Shadow Groups (SG) and much more.We have now seen how to create PSOs and assign them to users and/or groups, but why do we need multiple password and account lockout policies you might ask? Well, there are many reason for doing this – one could be “hosting” scenarios where multiple companies are present in a single AD domain, another more common reason is where we need stricter settings to apply to a specific group of people with privileged accounts (like domain administrators, help desk personnel etc.).