PrepAway - Latest Free Exam Questions & Answers

You need to ensure that the minimum password length of the local user accounts on the research servers in the

Your network contains an Active Directory domain named contoso.com. All servers run
Windows Server 2012 R2.
An organizational unit (OU) named ResearchServers contains the computer accounts of all
research servers.
All domain users are configured to have a minimum password length of eight characters.
You need to ensure that the minimum password length of the local user accounts on the
research servers in the ResearchServers OU is 10 characters.
What should you do?

PrepAway - Latest Free Exam Questions & Answers

A.
Configure a local Group Policy object (GPO) on each research server.

B.
Create and link a Group Policy object (GPO) to the ResearchServers OU.

C.
Create a universal group that contains the research servers. Create a Password Settings
object (PSO) and assign the PSO to the group.

D.
Create a global group that contains the research servers. Create a Password Settings
object (PSO) and assign the PSO to the group.

Explanation:
For a domain, and you are on a member server or a workstation that is joined to the domain
1. Open Microsoft Management Console (MMC).
2. On the File menu, click Add/Remove Snap-in, and then click Add.
3. Click Group Policy Object Editor, and then click Add.
4. In Select Group Policy Object, click Browse.
5. In Browse for a Group Policy Object, select a Group Policy object (GPO) in the
appropriate domain, site, or organizational unit–or create a new one, click OK, and then click
Finish.
6. Click Close, and then click OK.
7. In the console tree, click Password Policy.
Where?
Group Policy Object [computer name] Policy/Computer Configuration/Windows
Settings/Security Settings/Account Policies/Password Policy
8. In the details pane, right-click the policy setting that you want, and then click Properties.
9. If you are defining this policy setting for the first time, select the Define this policy setting
check box.
10. Select the options that you want, and then click OK.

14 Comments on “You need to ensure that the minimum password length of the local user accounts on the research servers in the

  3. Singh says:

    I think the answer is D.
    https://technet.microsoft.com/en-us/library/cc770842%28v=ws.10%29.aspx

    PSOs cannot be applied to organizational units (OUs) directly. If your users are organized into OUs, consider creating global security groups that contain the users from these OUs and then applying the newly defined fine-grained password and account lockout policies to them. If you move a user from one OU to another, you must update user memberships in the corresponding global security groups.




    0



    1
    1. a.l.i says:

      B indeed:

      “The policy settings under Account Policies are implemented at the domain level. A Windows Server 2003 domain must have a single password policy, account lockout policy, and Kerberos version 5 authentication protocol policy for the domain. Configuring these policy settings at any other level in Active Directory will only affect local accounts on member servers.”

      From the link provided by @JohnyBoy:

      https://technet.microsoft.com/pt-pt/library/cc757692(v=ws.10)




      0



      0
  4. evoken says:

    D
    PSOs can be linked to global security groups or users but not OU’s.If you want to apply password and lockout policies to users in an OU, you must create a global security group that includes all of the users in the OU. This type of group is called a shadow group—its membership shadows, or mimics, the membership of an OU.
    If one or more PSOs are linked directly to the user, PSOs linked to groups are ignored, regardless of their precedence. The user-linked PSO with highest precedence wins.




    0



    0

Leave a Reply