“This [fine-grained policy control] is solving a user pain point,” said Ward Ralston, senior technical product manager for Microsoft. He said users no longer have to worry about maintaining password policies in many different locations and segmenting users based on password policy requirements. With the new Longhorn password policy feature, Ralston said administrators will use Active Directory Services Interface (ADSI) to create a new Active Directory password object. The object is then assigned to a user or group of users. The policy requires that the user create passwords that adhere to certain rules, including how often the password must be updated.
As always, the devil is in the details! How many administrators are proficient at using "ADSI to create a new Active Directory" anything? That translates to programming to create the object. Or, you could use LDP, which is practically a fate worse than death.
There is already a great tool for creating and applying policies across your Windows network - it's called Group Policy. That's what customers today already use for setting their Windows 2000 and Windows Server 2003 password policies. I wonder why Microsoft isn't using Group Policy???
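For reference, here is the password object described in the quoted article, created and assigned to a group with the cmdlets of the ActiveDirectory PowerShell module (shipped with Windows Server 2008 R2 and later) instead of raw ADSI. This is an added example, not part of the original post; the policy name, group name and all values are hypothetical.

```powershell
# Added example, not from the original post.
# Assumes the ActiveDirectory module (RSAT) is installed and the domain is at
# Windows Server 2008 functional level or higher.
Import-Module ActiveDirectory

$policyName = 'PSO-ServiceDesk'      # hypothetical policy name
$groupName  = 'ServiceDesk-Admins'   # hypothetical global security group

# Create the Password Settings Object (object class msDS-PasswordSettings).
# Precedence breaks ties when several policies reach the same user:
# the lowest number wins.
New-ADFineGrainedPasswordPolicy -Name $policyName `
    -Precedence 10 `
    -MinPasswordLength 14 `
    -PasswordHistoryCount 24 `
    -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -MaxPasswordAge (New-TimeSpan -Days 60) `
    -LockoutThreshold 5 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
    -LockoutDuration (New-TimeSpan -Minutes 30)

# Assign the policy. It can be applied to users and global security groups,
# not to organizational units.
Add-ADFineGrainedPasswordPolicySubject -Identity $policyName -Subjects $groupName

# Check 1: list what the policy is applied to.
Get-ADFineGrainedPasswordPolicySubject -Identity $policyName |
    Select-Object Name, ObjectClass

# Check 2: confirm which policy actually wins for one member of the group.
# No output means no fine-grained policy applies and the domain policy is in effect.
$member = Get-ADGroupMember -Identity $groupName |
    Where-Object { $_.objectClass -eq 'user' } |
    Select-Object -First 1
if ($member) {
    Get-ADUserResultantPasswordPolicy -Identity $member.SamAccountName
}
```

Checking the resultant policy per user matters because a user who belongs to several groups with different policies receives only the one with the lowest precedence value.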
1 comment:
Just wanted a couple of related links:
PowerShell command-line for fine-grained password policies
Free UI Console for Fine-Grained Password Policies