Infrastructure-as-code framework for Active Directory objects and Group Policy. Sanitized from production deployment for public sharing.
# Fine-Grained Password Policy (PSO) definitions.
#
# Each hashtable below describes one Password Settings Object that overrides
# the Default Domain Policy for the groups named in AppliesTo.
# When more than one PSO reaches the same user through group membership, the
# one with the LOWEST Precedence number wins.
#
# Time values are TimeSpan strings in 'd.hh:mm:ss' / 'hh:mm:ss' form.
#
# NOTE(review): the key names match the parameters of
# New-ADFineGrainedPasswordPolicy; presumably the deployment code (not shown
# here) splats them and links AppliesTo separately - confirm against the caller.
# NOTE(review): AD links PSOs to user objects and global security groups only,
# never to OUs - confirm the AppliesTo groups are global security groups.

@(
    # Tier 0: strictest settings, evaluated first (Precedence 10).
    @{
        Name                        = 'PSO-MasterAdmins'
        Description                 = 'Strict password policy for Tier 0 admin accounts'
        Precedence                  = 10

        # Password composition and rotation.
        MinPasswordLength           = 16
        PasswordHistoryCount        = 48
        MaxPasswordAge              = '30.00:00:00'
        # One-day minimum age keeps a user from cycling through the history
        # in a single sitting to get back to an old password.
        MinPasswordAge              = '1.00:00:00'
        ComplexityEnabled           = $true
        # Reversible storage is equivalent to keeping the cleartext; keep off.
        ReversibleEncryptionEnabled = $false

        # Lockout. The observation window must not exceed the duration.
        # NOTE(review): three bad logons take a Tier 0 account offline for
        # 30 minutes, so lockouts here are an availability concern as well as
        # a guessing control - alert on lockout events (4740) for these
        # accounts and keep the break-glass procedure documented.
        LockoutThreshold            = 3
        LockoutDuration             = '00:30:00'
        LockoutObservationWindow    = '00:30:00'

        AppliesTo                   = @('MasterAdmins')
    }

    # Delegated / helpdesk admins: looser than Tier 0 (Precedence 20), so a
    # user who is in both groups gets the Tier 0 PSO.
    @{
        Name                        = 'PSO-DelegatedAdmins'
        Description                 = 'Moderate password policy for helpdesk admins'
        Precedence                  = 20

        # Password composition and rotation.
        MinPasswordLength           = 12
        PasswordHistoryCount        = 24
        MaxPasswordAge              = '42.00:00:00'
        MinPasswordAge              = '1.00:00:00'
        ComplexityEnabled           = $true
        ReversibleEncryptionEnabled = $false

        # Lockout: five attempts inside a 30-minute window, 30-minute lock.
        LockoutThreshold            = 5
        LockoutDuration             = '00:30:00'
        LockoutObservationWindow    = '00:30:00'

        AppliesTo                   = @('DelegatedAdmins')
    }
)