When a user changes a password in Password Manager, the new password is checked right away, and if it complies with password policies configured in Password Manager, the new password is accepted.
When a user changes a password outside of Password Manager, such as pressing CTRL+ALT+DELETE, the new password will not be checked immediately by Password Manager. The password's compliance with password policy rules will be checked on a Domain Controller. This is why Password Policy Manager must be installed on all Domain Controllers in a managed domain. If Password Policy Manager is not installed, in this case when the user changes password not in Password Manager, password policies configured in Password Manager will be ignored.
Password Policy Manager extends the default password policy settings and allows configuring policy scopes for each policy, so that only specified Organizational Units and groups are affected by the policy.
Password policy settings are stored as Group Policy Objects. Password Policy Manager creates new GPOs, and it does not change any existing GPOs.
Depending on whether a Domain Controller is running an x86 or x64 version of Microsoft Windows Server operating system, the appropriate version of Password Policy Manager must be installed.
|NOTE: Password Policy Manager does not override the native Windows security policy rules, rather the more restrictive of the two rules will be enforced. So if both Password Manager and the Windows Password policy have minimum length requirements and they are not the same, then the more restrictive of the two will be enforced. Password Manager does not overwrite or exclude the native default Windows policies. If you don't want those in place, you will need to disable them.|
Password Policy Manager is deployed on all Domain Controllers through Group Policy. You can create a new Group Policy object (GPO) or use an existing one to assign the installation package with Password Policy Manager to the destination computers. Password Policy Manager is then installed on computers on which the GPO applies. Depending on the operating system running on the destination computers, you must apply the appropriate installation package included on the installation media:
The installation packages are located in the \Password Manager\Setup\ folder on the installation media.
To configure rules for a password policy:
|NOTE: You must select both or the policy will not be applied to users. The options set here are exactly as you would see the Link option in the native Microsoft Group Policy Management Console (GPMC.msc) MMC Snap-In.|