Which of the following options would you choose to recommend a solution that meets the company’s requirements in minimum hardware

You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory domain. All the domain controllers on the network run Windows Server 2008 and all client computers run Windows Vista. The functional level of the domain is Windows Server 2008.
The company consists of four departments: Sales, Research, Development, and Marketing. The users of the Research department of the company contain sensitive information on their computers. Therefore the company requires that the users from the Research department have higher levels of account and password security than other users in the domain.
Which of the following options would you choose to recommend a solution that meets the company’s requirements in minimum hardware and software costs?

You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory domain. All the domain controllers on the network run Windows Server 2008 and all client computers run Windows Vista. The functional level of the domain is Windows Server 2008.

The company consists of four departments: Sales, Research, Development, and Marketing. The users of the Research department of the company contain sensitive information on their computers. Therefore the company requires that the users from the Research department have higher levels of account and password security than other users in the domain.

Which of the following options would you choose to recommend a solution that meets the company’s requirements in minimum hardware and software costs?

A.
Create a new Active Directory site for the research department users and deploy a Group Policy object (GPO) to the site.

B.
Create a new domain, add the research department user accounts to the new domain, and configure a new security policy for the new domain.

C.
For the research department users, create a new Password Settings Object (PSO).

D.
Create a new organizational unit (OU) in the domain for research department users called ResearchOU and deploy a GPO to the ResearchOU.

E.
None of the above

Explanation:

To recommend a solution that meets the company’s requirements in minimum hardware and software costs, you need to create a new Password Settings Object (PSO) for the research departments users.

Granular Password Settings” or “Fine-Grained Password Policy”, is based on the introduction of two new object classes in the AD schema: the “Password Settings Container” and “Password Setting” objects. These objects basically provide us the option to introduce multiple password policies into a single AD domain.

Create PSOs and assign them to users and/or groups hosting scenarios where multiple companies are present in a single AD domain, another more common reason is where we need stricter settings to apply to a specific group of people with privileged accounts (like domain administrators, help desk personnel etc.).

Those privileged accounts can have a complexity requirement and a requirement of defining a minimum of 16 characters in their passwords and other, more limited accounts, can have more “user friendly” requirements – although I would recommend everyone to use passwords of that strength.

Reference: Configuring Granular Password Settings in Windows Server 2008, Part 2

http://www.windowsecurity.com/articles/Configuring-Granular-Password-Settings-Windows-Server-2008-Part2.html



Leave a Reply 0

Your email address will not be published. Required fields are marked *