2008 Granular Password Policy
I see in literature that 2008 gives granular password policies, anyone out there using this? I see it gives multiple PW policies in a domain that sounds great too, does it work? Does the forest need to be at a particular functional level? We currently own specops to do multiple PW policies in a domain but it sounds like this enhancement washes away my need for that third party sw. Any thoughts?
August 27th, 2008 8:08pm

M1kew1lson said: does it work?
It sure does! Not only does this feature offer fine-grained password policies, but also fine-grained lockout policies.
M1kew1lson said: Does the forest need to be at a particular functional level?
The domain needs to be at the Windows Server 2008 domain functional level. The forest functional level doesn't matter.
August 27th, 2008 10:27pm

Hello,
More information for your reference:
To set the fine-grained password policies for global security group/user account, you may refer to the following steps:
a) Click Start, click Run, type adsiedit.msc, and then click OK.
b) In the ADSI Edit snap-in, right-click ADSI Edit, and then click Connect to.
c) In Name, type the fully qualified domain name (FQDN) of the domain in which you want to create the PSO, and then click OK.
d) Double-click the domain.
e) Double-click DC=<domain_name>.
f) Double-click CN=System.
g) Click CN=Password Settings Container. All the PSO objects that have been created in the selected domain appear.
h) Right-click CN=Password Settings Container, click New, and then click Object.
i) In the Create Object dialog box, under Select a class, click msDS-PasswordSettings, and then click Next.
j) In Value, type the custom name of the new PSO, and then click Next.
k) Continue with the wizard, and enter appropriate values for all mustHave attributes (specific password policy setting for global security group/user account). You may refer to this tech article for understanding the specific Attribute name.
Step 1: Create a PSO ---> Attribute name chart
http://technet2.microsoft.com/windowsserver2008/en/library/67dc7808-5fb4-42f8-8a48-7452f59672411033.mspx
l) On the last screen of the wizard, click More Attributes.
m) On the Select which property to view menu, click Optional or Both.
n) In the Select a property to view drop-down list, select msDS-PSOAppliesTo.
o) In Edit Attribute, add the distinguished names of global security group/user account such as "CN=name,CN=Users,DC=domain,DC=com" that the PSO is to be applied to, and then click Add.
p) Click Finish.
Introduce: AD DS: Fine-Grained Password Policies
http://technet.microsoft.com/en-us/library/cc770394.aspx
Implement: Step-by-Step Guide for Fine-Grained Password and Account Lockout Policy Configuration
http://technet.microsoft.com/en-us/library/cc770842.aspx
Hope it helps.
August 29th, 2008 1:49pm
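
The same procedure scripted, as an added example that is not part of the original replies: it checks the domain functional level mentioned above, creates a PSO, links it to a global security group and confirms which policy each member actually receives. It assumes the ActiveDirectory PowerShell module (Windows Server 2008 R2 or later, or RSAT), which postdates this thread; the PSO name, group name and policy values are constructed placeholders.

```powershell
# Added example. $psoName, $groupName and all policy values are placeholders.
Import-Module ActiveDirectory

$psoName   = 'PSO-PrivilegedAccounts'   # hypothetical PSO name
$groupName = 'FGPP-PrivilegedAccounts'  # hypothetical global security group

# Fine-grained policies require the Windows Server 2008 domain functional level.
$required = [Microsoft.ActiveDirectory.Management.ADDomainMode]::Windows2008Domain
$domain   = Get-ADDomain
if ($domain.DomainMode -lt $required) {
    throw "Domain functional level is $($domain.DomainMode); Windows Server 2008 is required."
}

# The steps above apply a PSO to user accounts or global security groups,
# so refuse any other kind of group before touching the directory.
$group = Get-ADGroup -Identity $groupName
if ($group.GroupScope -ne 'Global' -or $group.GroupCategory -ne 'Security') {
    throw "$groupName is $($group.GroupScope)/$($group.GroupCategory), not a global security group."
}

# Create the PSO once. The cmdlet takes TimeSpan values and stores them in the
# msDS-* attributes that the ADSI Edit wizard prompts for.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$psoName'")) {
    New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
        -ComplexityEnabled $true -ReversibleEncryptionEnabled $false `
        -MinPasswordLength 14 -PasswordHistoryCount 24 `
        -MinPasswordAge (New-TimeSpan -Days 1) `
        -MaxPasswordAge (New-TimeSpan -Days 60) `
        -LockoutThreshold 5 `
        -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
        -LockoutDuration (New-TimeSpan -Minutes 30)
}

# Equivalent of adding the group's DN to msDS-PSOAppliesTo; skip if already linked.
$linked = Get-ADFineGrainedPasswordPolicySubject -Identity $psoName |
    Where-Object { $_.DistinguishedName -eq $group.DistinguishedName }
if (-not $linked) {
    Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $group
}

# Verify: report the policy that wins for each user in the group. A user covered
# by a PSO with a lower precedence number gets that PSO instead; an empty
# EffectivePSO means no PSO applies and the domain policy is in force.
Get-ADGroupMember -Identity $group -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        $effective = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
        New-Object PSObject -Property @{
            User         = $_.SamAccountName
            EffectivePSO = $effective.Name
        }
    }
```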

This topic is archived. No further replies will be accepted.
