Fine-Grained Password Policy (FGPP) is a new feature introduced in Windows Server 2008. It lets an organization apply multiple password policies to different users within the same domain. The following points describe FGPP features and facts:
- There are two new object classes in the schema for PSOs:
  - PSC: Password Settings Container
  - PSO: Password Settings Object
- Multiple Password and Account Lockout Policies
- Specific to a user or security group.
- No need for another domain
- Cannot be applied directly to an Organizational Unit
- Applies to users and security groups only; does not apply to computer accounts.
- Do not interact with custom password filters
- Multiple PSOs can be linked to a user or group, but only one PSO is applied at a time
- PSO Settings are not merged
- A PSO must be configured using either LDIFDE or the ADSIEdit.msc snap-in.
- The following attributes must be set for a PSO to work (object class msDS-PasswordSettings). Each must have a value unless noted:
  - msDS-PasswordSettingsPrecedence
  - msDS-PasswordReversibleEncryptionEnabled
  - msDS-PasswordHistoryLength
  - msDS-PasswordComplexityEnabled
  - msDS-MinimumPasswordLength
  - msDS-MinimumPasswordAge
  - msDS-MaximumPasswordAge
  - msDS-LockoutThreshold
  - msDS-LockoutObservationWindow
  - msDS-LockoutDuration
  - msDS-PSOAppliesTo (not mandatory)
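
The attribute list above, turned into an LDIF record that LDIFDE can import. This is an added example, not part of the original page: the function names, the domain DC=example,DC=com, the PSO name, the group DN and all policy values are constructed. The four time-valued attributes are stored as negative counts of 100-nanosecond intervals, which is the part most often entered incorrectly by hand.

```python
from datetime import timedelta

# Mandatory attributes of an msDS-PasswordSettings object, as listed above.
MANDATORY = [
    "msDS-PasswordSettingsPrecedence", "msDS-PasswordReversibleEncryptionEnabled",
    "msDS-PasswordHistoryLength", "msDS-PasswordComplexityEnabled",
    "msDS-MinimumPasswordLength", "msDS-MinimumPasswordAge",
    "msDS-MaximumPasswordAge", "msDS-LockoutThreshold",
    "msDS-LockoutObservationWindow", "msDS-LockoutDuration",
]

def ldif_value(value):
    # Render a Python value the way the directory expects it in LDIF.
    if isinstance(value, bool):        # test bool first: bool is a subclass of int
        return "TRUE" if value else "FALSE"
    if isinstance(value, timedelta):   # time spans: negative count of 100 ns intervals
        return str(-int(value.total_seconds()) * 10_000_000)
    return str(value)

def build_pso_ldif(name, domain_dn, settings, applies_to=()):
    # Refuse incomplete or inconsistent input before anything reaches the directory.
    missing = [attr for attr in MANDATORY if attr not in settings]
    if missing:
        raise ValueError("missing mandatory attributes: " + ", ".join(missing))
    if settings["msDS-MinimumPasswordAge"] > settings["msDS-MaximumPasswordAge"]:
        raise ValueError("minimum password age exceeds maximum password age")
    lines = [
        f"dn: CN={name},CN=Password Settings Container,CN=System,{domain_dn}",
        "changetype: add", "objectClass: msDS-PasswordSettings",
    ]
    lines += [f"{attr}: {ldif_value(settings[attr])}" for attr in MANDATORY]
    lines += [f"msDS-PSOAppliesTo: {dn}" for dn in applies_to]  # optional link
    return "\n".join(lines) + "\n"

# Constructed sample: a stricter policy for a privileged group.
SAMPLE = {
    "msDS-PasswordSettingsPrecedence": 10,
    "msDS-PasswordReversibleEncryptionEnabled": False,
    "msDS-PasswordHistoryLength": 24,
    "msDS-PasswordComplexityEnabled": True,
    "msDS-MinimumPasswordLength": 14,
    "msDS-MinimumPasswordAge": timedelta(days=1),
    "msDS-MaximumPasswordAge": timedelta(days=42),
    "msDS-LockoutThreshold": 5,
    "msDS-LockoutObservationWindow": timedelta(minutes=30),
    "msDS-LockoutDuration": timedelta(minutes=30),
}

if __name__ == "__main__":
    print(build_pso_ldif("PSO-Admins", "DC=example,DC=com", SAMPLE,
                         ["CN=Domain Admins,CN=Users,DC=example,DC=com"]))
```

Save the output to a file (for example pso.ldf, a constructed name) and import it with `ldifde -i -f pso.ldf`.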