You can use Password Manager to create password policies that define which passwords to reject or accept. Password policy settings are stored in Group Policy objects (GPOs). A GPO is applied by linking the GPOs to a target container defined in Active Directory, such as an organizational unit or a group.
Group Policy Objects from parent containers are inherited by default. When multiple Group Policy Objects are applied, the policy settings are aggregated.
For information on how to apply a password policy and change policy link order, see Managing Password Policy Scope.
Password Policy Manager is an independently deployed component of Password Manager. Password Policy Manager is required to enforce Password Manager password policies when users change their passwords using tools other than Password Manager. To enforce Password Manager password policies, you must deploy Password Policy Manager on all Domain Controllers (DC) of your managed domain.
When a user changes their password in Password Manager, the new password is checked right away. If it complies with password policies configured in Password Manager, the new password is accepted.
However, when a user changes their password outside of Password Manager (for example, within the operating system by pressing Ctrl+Alt+Delete), Password Manager can not check the new password immediately. Instead, the compliance of the new password to the password policy rules is checked on a DC of the managed domain where Password Policy Manager is installed. If PPM is not installed on the DCs of the managed domain, then new passwords set outside Password Manager will not be checked against the password policies configured in Password Manager.
As such, Password Policy Manager extends the default password policy settings and allows administrators to configure policy scopes for each policy, so that only specified organizational units and groups are affected by the policy.
Password policy settings are stored as Group Policy Objects (GPOs). Password Policy Manager can only create new GPOs: it does not change any existing GPOs.
The installer of the Password Policy Manager component is located at the following subfolder of the Password Manager ISO image or extracted installation archive:
/Password Manager/Setup/PasswordPolicyManager_x64.msi
Password Manager uses a set of powerful and flexible rules to define requirements for domain passwords. Each password policy has rules that are configured independently of the rules in other policies.
The following rules duplicate and extend system password policy rules: Password Age rule, Length rule, Complexity rule, and User Properties rule.
For information on how to create and configure a password policy, see Creating and Configuring a Password Policy.
To display the properties of a password policy
On the home page of the Administration site, click the Password Policies tab.
Click the <N> One Identity Password Policies link under the domain that you want to manage.
On the One Identity Password Policies for Domain<DomainName> page, click Edit under the policy whose properties you want to view or modify.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center
