Discuss the policy sets that an organization might consider when planning fine-grained password policies.

What will be an ideal response?

When your organization plans fine-grained password policies, it is typical to consider having at least three basic policy sets: one for ordinary users, one for administrators, and one for service accounts (such as accounts used by programs that need access to the server). In many cases you can use global administrator and user groups you have already created as the global shadow security groups-there is no need to make life more complicated by adding more groups. Next, consider adding more fine-grained password policies as new security needs arise. For example, you may need to create a set of policies for company auditors because they are given extensive access to the financial resources contained in an accounting server.