HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise. select No. NOTE: Each correct selection is worth one point. Hot Area:
I am confused... I thought that the only place where you set the password policies is the default domain policy. And is applicable for all users. If you want to refine the password policies you can use Fine Grained Password policy. This should be enabled for specific users and groups. (NO OU's)
So that means the answers should be: NYN
So
You're right.
The password settings in a group policy object (GPO) are applied at the domain level only. If you have multiple organizational units (OU or departments) or groups, you cannot enforce password settings at the OU or group level. That’s why the fine-grained policy comes in.
https://blogs.manageengine.com/corporate/general/2017/01/13/microsoft-password-policies-gpo-based-vs-fine-grained-policies.html
i think you're right!
Password policy can only be changed in the efault domain policy, which needs to apply on the DC with the PDC emulator role
http://woshub.com/password-policy-active-directory/
Box1: No - Admin1 is a domain user, thus only password settings which are applied on DCs will work in this case. From given GPOs only Default Domain Policy are applied on DCs, so minimum passwords length = 10 -> Admin1 does not have to use longer password
Box2: Yes - User1 is a domain user too so we have same situation as above: minimum passwords length = 10 -> User1 must use a password that has at least 10 characters
Box3: Password settings for local users on Server1 are comming from GPO which is applied to Server1. Server1 is in OU=Member Servers. OU is linked with GPO2 thus local users on Server1 must use a password that has at least 8 characters
Maybe it's N Y N
I agree with Admin1 & User1, but Server1 is being promoted to a DC so it will probably get moved to the Domain Controllers OU, and no longer get GPO from Member Servers
It's a trick. If you create a new user account before server1 is promoted, GPO2 applies.
And you cannot create a "local" user after server1 is promoted.
So I prefer "Yes."
Correction: NYN. not because Server1 is being promoted to a DC.
The password settings in a group policy object (GPO) are applied at the domain level only. If you have multiple organizational units (OU or departments) or groups, you cannot enforce password settings at the OU or group level. That’s why the fine-grained policy comes in.
https://blogs.manageengine.com/corporate/general/2017/01/13/microsoft-password-policies-gpo-based-vs-fine-grained-policies.html
Basic stuff - GPO's are applied in the order Local, Site, Domain, OU. Local policy password length defaults to 8, but this is irrelevant because Server1 is in the domain, so it gets Default Domain policy.
Point 1 - password settings for anything that's in a domain can only be set in the Default Domain Policy. Trying to set different lengths at a lower level is a nice idea but simply does not work. Default Domain Policy states 10 character passwords, so Admin1/User1 get that setting.
Point 2 - if there's a need for (say) admins to have longer passwords, you need fine-grained password policies, as others here have pointed out. This is the only way!
So N, Y, N.
You can only have one password policy in AD and that is the default domain policy
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/adac/introduction-to-active-directory-administrative-center-enhancements--level-100-
You can use fine-grained password policies to specify multiple password policies within a single domain and apply different restrictions for password and account lockout policies to different sets of users in a domain
Answer is
No
Yes
No
NYN
You only can have more than 1 policy for password if you are using Policy Granular, so if you have 1 policy for password at domain level, the others doesn't do nothing.
So 1 and 2 question is No.The 3 question is about local user, so is N
Yes - Admin1 in OU1 = GPO1 = 14 (GPO1 overwrites Default Domain Policy)
Yes - NO GPO1 or GPO2 = Default Domain Policy = 10
No - New local User - Domain Policies not working - Need Local Policy = No password policy
Wow this is all mixed up. -- ok simple talk - there is some basic information here we cant change - Admin1 and User 1 both have Password policies set in stone- so it Y and Y for the first 2. Only Default Password policy is applied to DC? LOL Admin1 is a domain user? LOL - Ok so any way Yes , yes and the last one would be Y as well accept for the fact that that server is becoming a DC -- so my bet is this is the final :
Y
Y
N
The last one is up to your interpretation - its in the member servers ou unless it becomes a DC- then it wont be and that GPO would not apply.
Good luck all
upvoted 6 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Rel2002
Highly Voted 2 years, 3 months agoLeocan
2 years, 1 month agoMarkusSan
2 years agolukiduc9625
Highly Voted 2 years, 3 months agolukiduc9625
2 years, 3 months agoProfileX
2 years, 3 months agoLeocan
2 years, 1 month agoLeocan
2 years, 1 month agoSwissGuy
1 year, 11 months agoneilkraftmann
Most Recent 4 months, 2 weeks agosyu31svc
1 year, 9 months agoraulgar
1 year, 9 months agoBJack
1 year, 11 months agoGoofer
1 year, 11 months agojohosofat
2 years, 1 month ago