Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012. An organizational unit (OU) named ResearchServers contains the computer accounts of all research servers. All domain users are configured to have a minimum password length of eight characters.
You need to ensure that the minimum password length of the local user accounts on the research servers in the ResearchServers OU is 10 characters.
What should you do?
A.
Create a universal group that contains the research servers. Create a Password Settings object (PSO) and assign the PSO to the group.
B.
Configure a local Group Policy object (GPO) on each research server.
C.
Create and link a Group Policy object (GPO) to the ResearchServers OU.
D.
Create a global group that contains the research servers. Create a Password Settings object (PSO) and assign the PSO to the group.
I believe this answer(C) is incorrect due to the fact that password and account policy settings can only be defined ONCE in a GPO and linked at the domain level. This drawback can be overcome by using fine grained policies (PSOs) defined in the Administrative Center. In my opinion the least amount of administrative effort would be to use option D (create a group with all research servers and assign a different PSO). Anyone else share any thoughts on this?
Well, i think i’ve spotted my error here : PSOs can be applied to Global Security groups which is good so far, the only problem here being that the members of the group are computer accounts. PSO’s can only be applied to Users and Global Groups, and i imagine the members of the groups should also only be users and other groups..
Thanks, Alex
http://www.brandonlawson.com/active-directory/creating-fine-grained-password-policies/
Create a new policy, link it to the ResearchServersOU and edit:
go to computer configuration>policies>Windows Settings>Security settings>Account Policies>Password policies>Minimum password lenght
As a result C: is correct.
But you modify all settings of all users in the domain.
the question says: you need to enure that the only local account have a password lenght of 10 characters, not other account!!
Nope, Daniele, you’re in wrong. Any other password length GPO, different from default domain policy, will affect only local user accounts
https://technet.microsoft.com/pt-pt/library/cc757692(v=ws.10).aspx
Ciao!
Putting 11’s link explicitly :
The policy settings under Account Policies are implemented at the domain level. A Windows Server 2003 domain must have a single password policy, account lockout policy, and Kerberos version 5 authentication protocol policy for the domain. Configuring these policy settings at any other level in Active Directory will only affect local accounts on member servers.
By default, workstations and servers joined to a domain — the domain member computers — also receive the same account policy for their local accounts. However, local account policies for member computers can be differentiated from the domain account policy by defining an account policy for the OU that contains the member computers.
Account Policies contains three subsets:
Password Policy. These policy settings are used for domain or local user accounts. They determine settings for passwords, such as enforcement and lifetimes.
Account Lockout Policy. These policy settings are used for domain or local user accounts. They determine the circumstances and length of time that an account will be locked out of the system.
Kerberos Policy. These policy settings are used for domain user accounts. They determine Kerberos-related settings, such as ticket lifetimes and enforcement. Kerberos policy settings do not exist in local computer policy.
This was a very sneaky question.
C is correct.
I did a test lab, if you create a new policy with password settings changed and link it to ResearchServersOU it don’t go, local user for computer in the OU, inherit password settings from the domain policy settings, but if you activate Block Inheritance for the ResearchServersOU things change and local user for the computer in that OU get password settings from the new group policy linked to the OU.
Ciao
この最初の腕時計の白い腕時計はクールということを証明した。それは、垂直クロノグラフ分計800シリーズ名tx線形クロノグラフ腕時計の1つです。第2のタイムゾーンとダイヤルの全体的なデザインは独特で、とげとげしくなる逆行ダイヤルがある。ホワイトトーン腕時計を通して持続する(明らかに)、しかし、それは100 %の定義はありません。あなたにはまだ若干のスポーティなオレンジとゴールドトーンダイヤルと手の上に上がりました。それは本当にうまくやった。私は高浮き彫りを付して白い回転ベゼルにホワイトが好きにしてください。グッチスーパーコピーブランド財布腕時計を見事に45 mmのワイドサイズまたは多分私の手首の上で非常に快適でした。あなたは、ダイヤルは最初は少し威嚇を見つけるかもしれませんが、ライブであなたの観察の後にすることは非常に簡単です。本当に素敵な白い色はしばしば見やすいスポーツです。この時計は本当に新しいであったので、私は正確なモデル番号を見つけることができません、しかし、それは価格の間にどこかについてドルであるべきです。 http://www.ooobag.com/watch/omega/sea/b31f229322cff3c8.html
高品質コピーブランド通販店
当店は主に高品質低価格複製品も含め、腕時計、バッグ、財布、マフラー、アクセサリーなど。
各種のブランドはそろって、在庫情報は随時更新しそして優待価格、品質保証100 %。
安心してご購入ください!!
店長お薦めは以下の商品:
1,フランクミュラー高品質コピー
2,高品質コピー マフラー各種のブランド偽物(コピー商品)のマフラー
★歓迎光臨S品N品コピーブランド高品質店