Fine grained policy

  • Last Post 12 September 2018
yogeshcittu posted this 11 September 2018

Hi all,
We have deployed a fine-grained policy for a specific set of users and we are able to view the RSoP correctly from AD.
I'm able to reset the password from ADUC but I'm not able to reset the same password from a workstation. Is this something by design or am I missing something?
Does anyone have an MS article?

daemonr00t posted this 12 September 2018

Just wondering... what’s so special about those machines that need a separate password policy?
Never seen such a scenario before.


~Danny
Sent from my iPhone


yogeshcittu posted this 12 September 2018

I’m not able to change passwords from any of the machines in our domain for the users who have fine grained policy applied.

daemonr00t posted this 12 September 2018

Gotcha, ok so if you try changing the password, what happens? Is there any error message?

Is the communication between your machines and the domain controllers fine?

So, if a non-FGPPed user tries to change its password from a “faulty” machine, what happens?

~danny

kurtbuff posted this 12 September 2018

Have to wonder, along with Danny, about errors.
We have an FGPP set up for folks who want to change passwords less often by requiring a longer password, and we've encountered no problems with it.
Kurt

chriss3 posted this 12 September 2018

Sounds like you’re hitting min password age, e.g. trying to change the password too soon. Note that Reset Password (from ADUC) and Change Password (you have to know the old one) are different. Some policies don’t apply to Set Password, such as min password age or password history.

yogeshcittu posted this 12 September 2018

While changing the password for users with FGPP enabled, we are getting "unable to update the password, the value provided for the new password does not meet the length or complexity or history requirement of the domain".
On the same machine, we are able to reset the password for non-FGPP users. Below is the configuration:
image.png

wrbeaudo posted this 12 September 2018

You can do a "reset" of a password via ADUC; it ignores password history, but enforces password complexity and length (not sure about minimum password age - I doubt it). A password "change" enforces all of the settings. This is not a FGPP issue. The old password policy worked the same way. Basically, an administrative reset of a password doesn't have to follow the same set of rules. This is because in most places, the initial password is computed based off of data the user knows and it is commonplace to reset back to that known password in cases where the end user forgets the current one.
Billy Beaudoin
Textiles Creative and Technology Services
College of Textiles
NC State University


zhiaga posted this 12 September 2018


Enforce minimum password age: 1
It must be at least one day before the user can change his password again from his workstation.
You must not use any of the 12 previous passwords, length of 8 characters, and it must be a complex password.

On Wednesday, 12 September 2018 11:42:50 GMT-5, Billy Beaudoin <wrbeaudo@xxxxxxxxxxxxxxxx> wrote: