Windows Server – Fine Grained Password Policies

KB ID 0000765 


Before server 2008 if you wanted more than one password policy, you had to create a sub domain just to do that! with Server 2008 we were given fine grained password policies, which were fine (if a little clunky), and involved you creating ‘Password Settings Objects’.

2008 Password Policy Object

They were a pain if you were not used to them e.g. five minutes is entered as 00:00:05:00. But now Microsoft have made things a LOT EASIER (though they made a good job of hiding it!).


1. From Server Manager (ServerManager.exe) > Local Server > Tools > Active Directory Administrative Center.

 2012 Active Directory Administrative Center

2. System container.

 2012 System Container

3. Password Settings Container.

2012 Password Settings Container

4. New > Password Settings > Configure as required > Add > Locate the Security group you want to apply the policy to > OK > OK.

Note: The Precedence dictates which policy will apply if the same user has multiple policies applied to them.

2012 Fine Grained

5. You can then create other policies to apply to different groups.

Group Password Policy

To See What Policies are Applying to a User

6. Locate the user (while still in Active Directory Administrative Center) Right click > View resultant password settings > If a policy is in place it will open.

2012 apply password policy to a group

7. If there is no policy in place you will see, “User does not have resultant fine grained password settings. Please check the user’s domain password settings”.

2012 Check password policy


Related Articles, References, Credits, or External Links


Author: Migrated

Share This Post On