Fine Grain Password Policy Tool RC0 is ready!

General Information

This build is very close to RTM quality and is “feature complete” we have resolved many bugs and issues in this release, please report any issues or bugs.

Note: The PasswordPolicy Cmd'let now has built-in help for all available commannds. I.e: get-help New-PasswordPolicy -full

As usual many thanks to Stanimir Stoyanov for helping me solving some issues in this release. (http://www.stoyanoff.info)

Overview of Fine Grain Password Policies in Windows Server 2008:
http://technet2.microsoft.com/windowsserver2008/en/library/056a73ef-5c9e-44d7-acc1-4f0bade6cd751033.mspx

Download
Download Fine Grain Password Policy Tool (x86) RC0.
http://blogs.chrisse.se/files/folders/fgpp/entry45.aspx

Download Fine Grain Password Policy Tool (x64) RC0.
http://blogs.chrisse.se/files/folders/fgpp/entry44.aspx

Fine Grain Password Policy Tool Quick Start Guide
http://blogs.chrisse.se/blogs/chrisse/pages/fine-grain-password-policy-tool.aspx

System Requirements

Fine Grain Password Policy Tool (FGPP) RC0 are “Supported” on the following platforms

·         Windows Server 2008

·         Windows Vista and Windows Vista Service Pack 1 or later

·         Windows Server 2003 Service Pack 1 or later and Windows Server 2003 R2

·         Windows XP Service Pack 2 or later

Prerequisites

Before installing this build, you must have:

Windows Server 2008 and Windows Vista

·         Windows Server 2008 Active Directory Domain.

·         Windows PowerShell installed (for command-line and scripting support)
Windows Server 2003 and Windows XP

·         Microsoft .NET Framework 2.0.

·         Microsoft Management Console 3.0

·         Windows Server 2008 Active Directory Domain.

·         Windows PowerShell installed (for command-line and scripting support)

Fine Grain Password Policy Tool MCC - Password Policy Properties:

Usage information 

Fine Grain Password Policy Tool Core PowerShell Samples.

FGPP RC0 Milestone (Build 2270-2292) supports the following PowerShell Commands.
Create new Password Policies

New-PasswordPolicy <Name> [-domain <FQDNDomainName>] >] [–server <DCFQDN>] -MaximumPasswordAge <timespan> -MinimumPasswordAge <timespan> -MinimumPasswordLength <PassswordMinLenght> -PasswordComplexityEnabled <$True/$False> -PasswordReversibleEncryptionEnabled <$True/$False> -PasswordSettingsPrecendence <PrecendenceOrder> -PasswordHistoryLength <NumberOfPasswords> -LockoutDuration <timespan> -LockoutObservationWindow <timespan> -LockoutThreshold <int> -AppliesTo *SupportedNameFormats

Modify existing Password Policies
Modify-PasswordPolicy <name> [-domain <FQDNDomainName>] >] [–server <DCFQDN>] [-MaximumPasswordAge <timespan>] [-MinimumPasswordAge <timespan>] [-MinimumPasswordLength <PassswordMinLenght>] [-PasswordComplexityEnabled <$True/$False>] [-PasswordReversibleEncryptionEnabled <$True/$False>] [-PasswordSettingsPrecendence <PrecendenceOrder>] [-PasswordHistoryLength <NumberOfPasswords>] [-LockoutDuration <timespan>] [-LockoutObservationWindow <timespan>] [-LockoutThreshold <int>] -AppliesToAdd *SupportedNameFormats -AppliesToRemove *SupportedNameFormats

Delete Password Policies
Delete-PasswordPolicy <name> [-domain <FQDNDomainName>] [–server <DCFQDN>] [-all]

Reame Password Policies
Rename-PasswordPolicy <name> [-domain <FQDNDomainName>] -NewName <name>

Add users and global groups to an existing Password Policy
Add-PasswordPolicy -Name <name> [-domain <FQDNDomainName>] [–server <DCFQDN>] -AppliesTo *SupportedNameFormats

Remove users and global groups to an existing Password Policy

Remove-PasswordPolicy -Name <name> [-domain <FQDNDomainName>] [–server <DCFQDN>] -AppliesTo *SupportedNameFormats [-all]

Get the Effective PasswordPolicy for one or more users objects

Get-PasswordPolicyEffective <name> [-domain <FQDNDomainName>] [–server <DCFQDN>]

Export Password Policies

Export-PasswordPolicy <name> <path> [-domain <FQDNDomainName>] [–server <DCFQDN>]

Import Password Policies

Import-PasswordPolicy <name> <path> [-domain <FQDNDomainName>] [–server <DCFQDN>]

--------------------------------------------------------------------------------------------------------------------------------------------------------------

*SupportedNameFormats: [Domain\UserN, "First LastName", {4fa050f0-f561-11cf-bdd9-00aa003a77b6}, example.microsoft.com/software/user name, usern@example.microsoft.com, S-1-5-21-397955417-626881126-188441444-501]

Fine Grain Password Policy Tool Additional PowerShell Samples.

How to use the Get-PasswordPolicy and New-PasswordPolicy to copy an existing PasswordPolicy

Note: Any parameter can be used with New-PasswordPolicy override settings from the existing policy.

Get-PasswordPolicy <name> [-domain <FQDNDomainName>] | New-PasswordPolicy <Name> [-domain <FQDNDomainName>] [-MaximumPasswordAge <timespan>] [-MinimumPasswordAge <timespan>] [-MinimumPasswordLength <PassswordMinLenght>] [-PasswordComplexityEnabled <$True/$False>] [-PasswordReversibleEncryptionEnabled <$True/$False>] [-PasswordSettingsPrecendence <PrecendenceOrder>] [-PasswordHistoryLength <NumberOfPasswords>] [-LockoutDuration <timespan>] [-LockoutObservationWindow <timespan>] [-LockoutThreshold <int> -AppliesTo * SupportedNameFormats]

--------------------------------------------------------------------------------------------------------------------------------------------------------------

How to check policy compliance for linked users for a one or more Password Policies

foreach ($Policy in Get-PasswordPolicy [<Name>]) { foreach ($Applied in $Policy.AppliesTo) { Get-PasswordPo

licyEffective $Applied } }