How to display fine-grained password policy settings to Authenticated Users ?

circle with an i We are no longer updating this content regularly. Please visit our knowledge base for most current version.


This article provides instructions on configuring Active Directory ACL in order for Authenticated Users to view their fine-grained policy settings.


More Information

SYNERGIX AD Client Extensions password change notification feature works with normal Domain Password Policy and with the fine-grained password policy settings.  However, the fine-grained password policy settings are not displayed to authenticated users unless the ACLs are updated ; this is by design in the Microsoft Windows Operating System.



  1. Log into a domain computer with a user account that has domain admin privileges. 
  2. From Windows Start button, select Programs \ Administrative Tools and launch "ADSI Editor" or run ADSIEDIT.MSC.
    1. If you are operating Windows 7.0 domain computer, you must have RSAT installed to start ADSIEDIT.MSC
    2. If you are operating Windows XP domain computer, you must have Administrator Tool ( adminpak.msi ) for Windows 2003 console installed.
  3. In ADSIEDIT, expand the domain root / default naming context
  4. Select CN=System and then, expand CN=Password Setting Container
  5. Right mouse click on CN=Password Setting Container and select Properties
  6. Click on Security Tab
  7. Click on Advanced
  8. Click on Add and enter Authenticated Users and grant READ permissions
  9. Set Applies To to "This object and all descendant objects"  ( default is This Object Only )
  10. Click on OK to close down on all open windows
  11. Close ADSIEDIT.MSC

Test Scenario




Author: Sujeeth

Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk