Fine Grain Password Policy Tool 1.0 (2300.0) RTM

Build: FGPP RTM_2300-20081223.0
Branch: FGPP-RTM-branch.
Usage: Production Usage.

 


General Information

 

This build is the final RTM build of the Fine Grain Password Policy Tool (FGPP RTM_2300-20081223.0). For full release notes, see the document “Release notes for Fine Grain Password Policy Tool” included in the package, which will also be released on the website later today. Other documentation available with this release:

 

·         Quick Start Guide for Fine Grain Password Policy Tool

 

·         Windows PowerShell Usage for Fine Grain Password Policy Tool

 

·         Password Policy Samples for Fine Grain Password Policy Tool

 


Acknowledgements


Stanimir Stoyanov, thanks for providing the incredible support and your ideas while this piece of software was being written, especially for the work that was done with the Native Methods. Please have a look at this blog for other projects he has released: http://www.stoyanoff.info

 


Björn Österman, thanks for your help and support with the initial design of the Password Policy class.

 


TrueSec Team, thanks for providing support while this piece of software was being written.

 

Overview of Fine Grain Password Policies in Windows Server 2008:
http://technet2.microsoft.com/windowsserver2008/en/library/056a73ef-5c9e-44d7-acc1-4f0bade6cd751033.mspx

 

Download

Download Fine Grain Password Policy Tool (x86) 1.0.
http://blogs.chrisse.se/files/folders/fgpp/entry51.aspx

Download Fine Grain Password Policy Tool (x64) 1.0.
http://blogs.chrisse.se/files/folders/fgpp/entry50.aspx

 

Quick Start Guide.
http://blogs.chrisse.se/blogs/chrisse/pages/fine-grain-password-policy-tool.aspx

 

System Requirements

Fine Grain Password Policy Tool 1.0 is supported on the following platforms:

 

·         Windows Server 2008

·         Windows Server 2008 R2

·         Windows Vista with Service Pack 1 or later

·         Windows 7

·         Windows Server 2003 with Service Pack 1 or later and Windows Server 2003 R2

·         Windows XP Service Pack 2 or later


Prerequisites
Before installing this build, you must have:

Windows Server 2008, Windows Server 2008 R2, Windows Vista and Windows 7

·         Windows Server 2008 Active Directory Domain.

·         Windows PowerShell installed (for command-line and scripting support)

Windows Server 2003 and Windows XP

·         Microsoft .NET Framework 2.0.

·         Microsoft Management Console 3.0

·         Windows Server 2008 Active Directory Domain.

·         Windows PowerShell installed (for command-line and scripting support)

 
Usage information:

Fine Grain Password Policy Tool Core PowerShell Samples.

FGPP RTM supports the following PowerShell Commands.

Create new Password Policies

New-PasswordPolicy <Name> [-domain <FQDNDomainName>] [-server <DCFQDN>] -MaximumPasswordAge <timespan> -MinimumPasswordAge <timespan> -MinimumPasswordLength <PasswordMinLength> -PasswordComplexityEnabled <$True/$False> -PasswordReversibleEncryptionEnabled <$True/$False> -PasswordSettingsPrecendence <PrecendenceOrder> -PasswordHistoryLength <NumberOfPasswords> -LockoutDuration <timespan> -LockoutObservationWindow <timespan> -LockoutThreshold <int> -AppliesTo *SupportedNameFormats

 


Modify existing Password Policies
Modify-PasswordPolicy <name> [-domain <FQDNDomainName>] [-server <DCFQDN>] [-MaximumPasswordAge <timespan>] [-MinimumPasswordAge <timespan>] [-MinimumPasswordLength <PasswordMinLength>] [-PasswordComplexityEnabled <$True/$False>] [-PasswordReversibleEncryptionEnabled <$True/$False>] [-PasswordSettingsPrecendence <PrecendenceOrder>] [-PasswordHistoryLength <NumberOfPasswords>] [-LockoutDuration <timespan>] [-LockoutObservationWindow <timespan>] [-LockoutThreshold <int>] -AppliesToAdd *SupportedNameFormats -AppliesToRemove *SupportedNameFormats

 


Delete Password Policies
Delete-PasswordPolicy <name> [-domain <FQDNDomainName>] [-server <DCFQDN>] [-all]

 

Rename Password Policies
Rename-PasswordPolicy <name> [-domain <FQDNDomainName>] -NewName <name>

 


Add users and global groups to an existing Password Policy
Add-PasswordPolicy -Name <name> [-domain <FQDNDomainName>] [-server <DCFQDN>] -AppliesTo *SupportedNameFormats

Remove users and global groups from an existing Password Policy
Remove-PasswordPolicy -Name <name> [-domain <FQDNDomainName>] [-server <DCFQDN>] -AppliesTo *SupportedNameFormats [-all]

Get the effective Password Policy for one or more user objects

Get-PasswordPolicyEffective <name> [-domain <FQDNDomainName>] [-server <DCFQDN>]

Export Password Policies

Export-PasswordPolicy <name> <path> [-domain <FQDNDomainName>] [-server <DCFQDN>]


Import Password Policies

Import-PasswordPolicy <name> <path> [-domain <FQDNDomainName>] [-server <DCFQDN>]

————————————————————————————————————————————————————–

*SupportedNameFormats: [Domain\UserN, “First LastName”, {4fa050f0-f561-11cf-bdd9-00aa003a77b6}, example.microsoft.com/software/user name, usern@example.microsoft.com, S-1-5-21-397955417-626881126-188441444-501]

 
Fine Grain Password Policy Tool Additional PowerShell Samples.
————————————————————————————————————————————————————–

 

How to use Get-PasswordPolicy and New-PasswordPolicy to copy an existing Password Policy

 

Note: Any parameter can be used with New-PasswordPolicy to override settings from the existing policy.

 

Get-PasswordPolicy <name> [-domain <FQDNDomainName>] | New-PasswordPolicy <Name> [-domain <FQDNDomainName>] [-MaximumPasswordAge <timespan>] [-MinimumPasswordAge <timespan>] [-MinimumPasswordLength <PasswordMinLength>] [-PasswordComplexityEnabled <$True/$False>] [-PasswordReversibleEncryptionEnabled <$True/$False>] [-PasswordSettingsPrecendence <PrecendenceOrder>] [-PasswordHistoryLength <NumberOfPasswords>] [-LockoutDuration <timespan>] [-LockoutObservationWindow <timespan>] [-LockoutThreshold <int>] [-AppliesTo *SupportedNameFormats]

 

————————————————————————————————————————————————————–

 

How to check policy compliance for the users linked to one or more Password Policies

foreach ($Policy in Get-PasswordPolicy [<Name>]) { foreach ($Applied in $Policy.AppliesTo) { Get-PasswordPolicyEffective $Applied } }
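
Added example (not part of the tool or its documentation): the same enumeration can feed a review of the policy settings themselves, flagging weak values and precedence collisions. The function name Test-PasswordPolicyWeakness, the 12-character baseline and the output property names (assumed to mirror the parameter names above) are assumptions; the sample objects are constructed.

```powershell
# Added example, not part of the tool. Property names are ASSUMED to mirror the
# parameter names on this page (including its spelling "PasswordSettingsPrecendence").
function Test-PasswordPolicyWeakness {
    param(
        [Parameter(ValueFromPipeline = $true)] $Policy,
        [int] $MinLength = 12   # hypothetical baseline; use your own standard
    )
    begin { $seen = @{} }
    process {
        $findings = @()
        if ($Policy.PasswordReversibleEncryptionEnabled) {
            $findings += 'reversible encryption enabled'
        }
        if (-not $Policy.PasswordComplexityEnabled) {
            $findings += 'complexity disabled'
        }
        if ($Policy.MinimumPasswordLength -lt $MinLength) {
            $findings += "minimum length below $MinLength"
        }
        if ($Policy.LockoutThreshold -eq 0) {
            $findings += 'lockout disabled (threshold 0)'
        }
        if (-not $Policy.AppliesTo) {
            $findings += 'not linked to any user or group'
        }
        # Equal precedence values: AD breaks the tie by object GUID.
        $p = $Policy.PasswordSettingsPrecendence
        if ($seen.ContainsKey($p)) {
            $findings += "precedence $p also used by '$($seen[$p])'"
        } else { $seen[$p] = $Policy.Name }
        foreach ($f in $findings) {
            New-Object PSObject -Property @{ Policy = $Policy.Name; Finding = $f }
        }
    }
}

# Constructed sample objects so the function runs without a domain.
$sample = @(
    New-Object PSObject -Property @{ Name = 'Admins'; MinimumPasswordLength = 15
        PasswordComplexityEnabled = $true; PasswordReversibleEncryptionEnabled = $false
        LockoutThreshold = 5; PasswordSettingsPrecendence = 10; AppliesTo = @('CORP\Domain Admins') }
    New-Object PSObject -Property @{ Name = 'Legacy'; MinimumPasswordLength = 6
        PasswordComplexityEnabled = $false; PasswordReversibleEncryptionEnabled = $true
        LockoutThreshold = 0; PasswordSettingsPrecendence = 10; AppliesTo = @() }
)
$sample | Test-PasswordPolicyWeakness | Format-Table Policy, Finding -AutoSize
# Live domain (tool installed): Get-PasswordPolicy | Test-PasswordPolicyWeakness
```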