none
How to confirm - FGGP has successfully applied

    Question

  • Dear all,

    today we have implemented Fine-Grained Password Policy in our environment.

    I wish to how do I confirm that it is successfully applied.

    I checked by running below commands

    >gpresult /r

    > rsop

    but not able to view it, can someone please help 


    TheAtulA

    Tuesday, August 02, 2016 12:37 PM

Answers

  • Hi,

    Thanks for your post.

    According to my research, Fine-grained password policies are a great new feature in Windows Server 2008. They allow different security policies related to password and lockout configuration to be applied to users based on the groups a user is in, instead of one policy for the entire domain.

    To check which Password Setting Object is being applied to a user, run the following command on a domain controller (DC):

    dsquery user -samid <username> | dsget user -effectivepso

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by - Atul Wednesday, August 03, 2016 7:19 AM
    Wednesday, August 03, 2016 5:33 AM
    Moderator
  • Am 02.08.2016 um 14:37 schrieb TheAtulA:
    > I checked by running below commands
    > gpresult /r
     > rsop
     
    Neither gpresult/rsop nor any other client tool will tell you about
    FGPP. FGPP are NOT(!) Policies. FGPP are AD filterobjects for password
    changes/lockout etc, but nothing that will be deployed to a client.
     
    Test it by using a User object that should be efected by Security Group.
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    • Marked as answer by - Atul Thursday, August 04, 2016 1:07 PM
    Wednesday, August 03, 2016 10:38 AM

All replies

  • If you open Active Directory Administrative Center, you can confirm. Find a user - open properties - click on Passwords Settings.

    If my answer helped you, check out my blog: Deploy Happiness

    Tuesday, August 02, 2016 1:14 PM
  • Hi,

    Thanks for your post.

    According to my research, Fine-grained password policies are a great new feature in Windows Server 2008. They allow different security policies related to password and lockout configuration to be applied to users based on the groups a user is in, instead of one policy for the entire domain.

    To check which Password Setting Object is being applied to a user, run the following command on a domain controller (DC):

    dsquery user -samid <username> | dsget user -effectivepso

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by - Atul Wednesday, August 03, 2016 7:19 AM
    Wednesday, August 03, 2016 5:33 AM
    Moderator
  • Is there any way to apply it forcefully

    TheAtulA

    Wednesday, August 03, 2016 10:11 AM
  • Am 02.08.2016 um 14:37 schrieb TheAtulA:
    > I checked by running below commands
    > gpresult /r
     > rsop
     
    Neither gpresult/rsop nor any other client tool will tell you about
    FGPP. FGPP are NOT(!) Policies. FGPP are AD filterobjects for password
    changes/lockout etc, but nothing that will be deployed to a client.
     
    Test it by using a User object that should be efected by Security Group.
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    • Marked as answer by - Atul Thursday, August 04, 2016 1:07 PM
    Wednesday, August 03, 2016 10:38 AM