Sign up to access this lesson
Click here to sign up and get access to this lesson!

Saving Progress...
In this lecture, I am going to be showing you how to create a PSO or Password Settings Object. The purpose is to allow you to set a password policy on a per-user or per security user group basis.Open Server Manager > Tools > Active Directory Users and Computers. Expand instructorpaul.com domain and instructorpaul OU. Right-click on Domain Groups and choose New > Group from the context menu.

We are naming this group to something that gives us an indication that is related to a password policy setting. We are naming it 7 Day Password Age for our exercise. It is a Global Group and a Security Group. Click OK to create it.

Double click the group we just created and add the user paul.hill as a member.

Click the Members tab and click the Add button.

Search for paul.hill and click the Check Names button to resolve the name and click OK.

Click the Apply and OK buttons.

Essentially what we have done is create a new group and add a user to it. The Security Group has a name that’s useful for letting us know that the password age is only 7 days, but it really doesn’t do anything to that effect.
So the way we create a PSO is NOT inside Active Directory and is NOT inside Group Policy. The way you do this is with the ADSI Edit.Open Server Manager > Tools > ADSI Edit. Under ADSI Edit right-click ADSI Edit and choose Connect to...

Under the Connections Settings window leave all the options as default and click on OK.

Click to expand Default naming context > DC=instructorpaul,DC=com > CN=System

Under System, we are looking for CN=Password Settings Container. Right-click on the right empty pane and choose from the context menu New > Object…

A Create Object window will pop up. The only class that we have is a MsDS-PasswordSettings that is selected. This is the PSO Object we are looking for. Click Next to continue.

Now we need to create a name for the PSO. Type 7DayPasswordAge in the value section and click on the Next button.

For the Password Precedence Settings value type the number 1. Click Next to continue.
TIP: The PSO with the lowest number value, the one closest to 1, will take precedence over other PSOs.
Just like with the Group Policy Objects we see if we want to use Reversible Encryption and we will type the word FALSE in uppercase and click Next.
For Password History, we type the number 24 and click Next.
For Password Complexity, we are going to type TRUE in uppercase and click Next.
In the Minimum Password Length for user accounts, we type 14 and click Next.
Now we have the Minimum Password Age for user accounts we type 00:00:00:00. This is the format that represents seconds, minutes, hours, and days. Click Next.
In the Maximum Password Age for user accounts, we type 07:00:00:00. That represents 7 days. Click Next to continue.
The Lockout threshold for lockout of user accounts represents how many times a user can type in a bad password before their account gets locked out. Type 3 and click Next.
The Observation Window for lockout of user accounts is going to be 15 minutes. We are typing it in the format 00:00:15:00 and click Next.
In the Lockout duration for locked-out user accounts, we type it in the format 00:00:15:00 and we click Next.
Sign up to access the rest of this lesson
You must either log in or sign up to access this lesson.
CURRICULUM
Course Introduction • 1min
0 / 1 lessons complete
Introduction to Group Policy Management • 1hr 24min
0 / 6 lessons complete
What is Group Policy
Video | 6 min
Creating and Managing GPOs
Video | 18 min
Group Policy Precedences
Video | 9 min
Editing Group Policy Object Settings
Video | 7 min
Introduction to Group Policy Quiz
Quiz | 14 Questions
Lab: Group Policy Management
Lab | 30 min
Manage Your Workstations • 1hr 46min
0 / 7 lessons complete
Deploying a Desktop Background to your domain with GPO (Group Policy Object)
Video | 12 min
Setting up a Logon Banner (Interactive Logon)
Video | 5 min
Deploying Software with Group Policy
Video | 11 min
Configuring Roaming Profiles for User Accounts
Video | 10 min
Configure User Roaming Profile Path with PowerShell
Video | 7 min
Creating and Mounting File Shares with Group Policy
Video | 16 min
Lab: Manage Your Workstations with Group Policy
Lab | 45 min
Securing Your Domain • 54min
0 / 5 lessons complete
Configuring Domain Password and Account Lockout Policies with Group Policy
Video | 0 min
Deploying Fine Grained Password Policies (PSOs)
Video | 11 min
Configuring Windows Firewall with Group Policy
Video | 6 min
Configuring Registry Settings with Group Policy
Video | 6 min
Lab: Securing Your Domain with Group Policy
Lab | 30 min
Group Policy Troubleshooting • 53min
0 / 5 lessons complete
Troubleshooting Group Policy with MMC (RSOP.msc - Resultant Set of Policy)
Video | 4 min
Troubleshooting Group Policy with Command Prompt (GPResult /r)
Video | 5 min
Creating Non-Inheriting Organizational Units for GPO Testing / Troubleshooting
Video | 9 min
Group Policy Troubleshooting Quiz
Quiz | 5 Questions
Lab: Group Policy Troubleshooting
Lab | 30 min
Course Conclusion • 1min
0 / 1 lessons complete