You can use Password Manager to create password policies that define which passwords to reject or accept. Password policy settings are stored in Group Policy objects (GPOs). A GPO is applied by linking the GPOs to a target container defined in Active Directory, such as an Organizational Unit or a group.
Group Policy Objects from parent containers are inherited by default. When multiple Group Policy Objects are applied, the policy settings are aggregated.
For information on how to apply a password policy and change policy link order, see Managing Password Policy scope.
Password Policy Manager is an independently deployed component of Password Manager. Password Policy Manager is necessary to enforce password policies configured in Password Manager in those cases where users change their passwords using means other than Password Manager. For example, when user change their password on the Self-Service Site, a new password is checked against password policy rules immediately, and if it complies with password policies configured in Password Manager, the new password is accepted. But when user change their password by pressing CTRL+ALT+DELETE, for example, the password’s compliance with password policies cannot be checked by Password Manager unless Password Policy Manager is deployed on all domain controllers in a managed domain. Password Policy Manager installs the dictionary file in the SYSVOL folder to set a dictionary rule for new passwords. If the dictionary file already exists in the SYSVOL folder, Password Policy Manager setup will not replace the file while installing.
If Password Policy Manager is not installed on all domain controllers in the domain, password policies configured in Password Manager will be ignored when users change password by means other than Password Manager.
NOTE: The user account that is used to install Password Policy Manager must have write access to the SYSVOL folder in domain controller.
NOTE: When the user uninstalls Password Policy Manager, the installer will not remove the dictionary file from the SYSVOL folder. The user must remove the dictionary file manually if the file is not needed.
|
Caution: Removing the dictionary file from the SYSVOL folder in one Domain Controller will result deletion of the dictionary file in all Domain Controllers . |
For more information on Password Policy Manager, see About Password Policies.
Password Manager uses a set of powerful and flexible rules to define requirements for domain passwords. Each password policy has rules that are configured independently of the rules in other policies.
The following rules duplicate and extend system password policy rules: Password Age rule, Length rule, Complexity rule, and User Properties rule.
For information on how to create and configure a password policy, see Creating and Configuring a Password Policy.
To display the properties of a password policy
On the home page of the Administration Site, click the Password Policies tab.
Click the <N> One Identity Password Policies link under the domain that you want to manage.
On the One Identity Password Policies for Domain <DomainName> page, click Edit under the policy whose properties you want to view or modify.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center