1
00:00:06,360 --> 00:00:13,450
B ASOS are the key components to implementing fine grained password policies.

2
00:00:13,450 --> 00:00:21,970
Let's review the highlights of some settings that beer so can contain it can contain name it should

3
00:00:21,970 --> 00:00:31,240
be stream and you have to make sure to implement a naming strategy for rapier so another 13 is complexity

4
00:00:31,240 --> 00:00:32,470
enabled it.

5
00:00:32,480 --> 00:00:34,720
It could be true or false.

6
00:00:34,720 --> 00:00:36,310
You have to define it.

7
00:00:36,400 --> 00:00:45,170
If the beer so enforces the use of complex passwords and other certain as minimum or maximum password

8
00:00:45,180 --> 00:00:54,670
lands and age so minimum password lands defines the length of the password and maximum and minimum password

9
00:00:54,750 --> 00:01:02,440
age defines maximum amount of days before users will need to change their passwords.

10
00:01:02,500 --> 00:01:09,780
Minimum defines minimum amount of time before users are able to change their passwords.

11
00:01:09,820 --> 00:01:17,410
You use this often of his password his to recount to prevent users from changing their passwords multiple

12
00:01:17,410 --> 00:01:20,790
times to reuse their old passwords.

13
00:01:20,800 --> 00:01:23,450
Another 13 is mentioned password.

14
00:01:23,470 --> 00:01:30,970
Here's to recount 2 It's a number of passwords that cannot be reused and the last set and for password

15
00:01:30,970 --> 00:01:35,080
settings is reversible encryption enabled.

16
00:01:35,080 --> 00:01:36,730
It could be true or false.

17
00:01:36,730 --> 00:01:45,190
It defines if reversible encryption is allowed you must set it to false unless you have specific reasons

18
00:01:45,220 --> 00:01:48,280
to allow a reversible encryption.

19
00:01:48,280 --> 00:01:56,680
There are three account lock out sets of Piers so lock out threshold lock out observation window and

20
00:01:56,680 --> 00:01:58,390
lock out duration.

21
00:01:58,450 --> 00:02:07,510
The first one is a number of wrong passwords log gone that list locked account lock out operation window

22
00:02:07,780 --> 00:02:14,350
it's a time period during which the number of wrong passwords will log locale and lock out.

23
00:02:14,350 --> 00:02:22,540
Duration is duration after which the account will unlock automatically if not configure to an administrator

24
00:02:22,540 --> 00:02:30,790
needs to unlock the account and there are some general surgeons for peers so like precedence peers so

25
00:02:30,790 --> 00:02:34,690
apply it and protect it from accidental deletion.

26
00:02:34,850 --> 00:02:39,570
Precedence is the number that defines the priority of the people.

27
00:02:39,570 --> 00:02:45,880
So if different peer SOS apply to the same user the president's defiance.

28
00:02:45,970 --> 00:02:47,420
Which one will apply.

29
00:02:47,570 --> 00:02:55,480
P.S. so apply it settings is distinguished names of the user or global security groups to reach the

30
00:02:55,690 --> 00:03:04,050
peers so should apply and protected from accidental deletion option certain should be true or false

31
00:03:04,050 --> 00:03:10,690
and it defines whether they be a source should be protected from accidental deletion or not.

32
00:03:10,690 --> 00:03:20,350
Now you can create and apply peer source in Windows Server 2012 or newer environment by using either

33
00:03:20,650 --> 00:03:27,580
of the following tools you can do it with the help of Windows power shell or in active directory administrative

34
00:03:27,580 --> 00:03:28,410
center.

35
00:03:28,450 --> 00:03:35,860
So if you want to create and configure the ASOS with the help of our shell you can use the following.

36
00:03:35,860 --> 00:03:43,840
Come on lets an active directory module for Windows power shell to create and manage a source in your

37
00:03:43,840 --> 00:03:44,710
domain.

38
00:03:44,710 --> 00:03:52,600
You could use new ADA fine grained password policy command let this come and let create and European

39
00:03:52,660 --> 00:03:56,200
so and defines its parameters.

40
00:03:56,230 --> 00:04:05,650
For example the following command creates a new pivot so named test BW DB and then specifies its sentence.

41
00:04:05,680 --> 00:04:08,280
You should type new ADA.

42
00:04:08,470 --> 00:04:12,710
Fine grained password policy than the name test.

43
00:04:12,720 --> 00:04:23,380
P.S. w WD complexity enabled through lockout duration lockout observation window lockout dress called

44
00:04:23,770 --> 00:04:34,390
Max password length Max password age and Min password age password hist to recount precedence reversible

45
00:04:34,750 --> 00:04:41,710
encryption enabled true or false and protected from accidental deletion True or false.

46
00:04:41,730 --> 00:04:48,550
Another common letters add fine grained password policies subject this command letter enables you to

47
00:04:48,550 --> 00:04:51,850
link a user or group to an existent peer.

48
00:04:51,850 --> 00:05:01,370
So for example the following command links the test BW UDP so to the editor's group named marketing.

49
00:05:01,480 --> 00:05:03,790
You should type at a D.

50
00:05:03,850 --> 00:05:05,770
Fine grained password.

51
00:05:05,900 --> 00:05:08,220
Wallace is subject test.

52
00:05:08,280 --> 00:05:11,620
BW Do subjects marketing.

53
00:05:11,820 --> 00:05:18,840
Now if you want to configure peer so's by use an active directory administrative center you should follow

54
00:05:18,840 --> 00:05:20,250
this procedure.

55
00:05:20,250 --> 00:05:28,170
You should open active directory administrative center click manage and add navigation nodes in the

56
00:05:28,170 --> 00:05:30,710
ad navigation no dialog box.

57
00:05:30,810 --> 00:05:38,460
Select the appropriate target domain and then click okay in the Active Directory administrative center

58
00:05:38,760 --> 00:05:45,690
navigation pane open the system container and then click password certain container.

59
00:05:45,750 --> 00:05:49,210
Then in the task Spain click on you and then click.

60
00:05:49,220 --> 00:05:57,930
Password sentence configure the sentence for the new European so and under directly applies to click

61
00:05:58,050 --> 00:06:01,860
Add and type marketing and then click Okay.

62
00:06:01,890 --> 00:06:03,350
This is the sheet.

63
00:06:03,360 --> 00:06:10,770
The password policy object is the members of the global group that you created for the test environment.

64
00:06:10,770 --> 00:06:18,180
Finally click okay to submit the creation of Libya's so please know that active directory administrative

65
00:06:18,180 --> 00:06:26,880
center interface for peer so management uses the windows power shall command let's mentioned previously

66
00:06:27,210 --> 00:06:31,200
to carry out the creation and management of PSN.

67
00:06:31,200 --> 00:06:35,620
Next up will be configure and a fine grained password policy.

68
00:06:35,640 --> 00:06:36,570
I'll see you there.