PrepAway - Latest Free Exam Questions & Answers

You need to ensure that, the next time HR department employees change their passwords, the passwords are requi

A corporate network includes a single Active Directory Domain Services (AD DS) domain.
The HR departmenthas a dedicated organizational unit(OU) named HR.
The HR OU has two sub-OUs: HR Usersand HR Computers.
User accountsfor the HR department reside in the HR Users OU.
Computer accountsfor the HR department reside in the HR Computers OU.
All HR department employeesbelong to a security groupnamed HR Employees.
All HR department computersbelong to a security groupnamed HR PCs.
Company policyrequires that passwords are a minimum of 6 characters.
You need to ensure that, the next time HR department employees change their passwords, the
passwords are required to have at least 8 characters.
The password length requirement should not change for employees of any other department.
What should you do?

PrepAway - Latest Free Exam Questions & Answers

A.
Modify the password policy in the GPO that is applied to the domain.

B.
Create a new GPO, with the necessary password policy, and link it to the HR Users OU.

C.
Create a fine-grained password policy and apply it to the security group named HR Employees.

D.
Modify the password policy in the GPO that is applied to the domain controllers OU.

Explanation:
Thanks to Camel73 for confirming there was an errorin answer C. That’s fixed now.
Reference:
http://technet.microsoft.com/en-us/library/cc770394.aspx
What do fine-grained password policies do?
You can use fine-grained password policies to specify multiple password policies within a single domain. You
can use fine-grained password policies to apply different restrictions for password and account lockout policies
to different sets of users in a domain.
For example, you can apply stricter settings to privileged accounts and less strict settings to the accounts of
other users. In other cases, you might want to apply a special password policy for accounts whose passwords
are synchronized with other data sources.
Are there any special considerations?
Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they are used
instead of user objects) and global security groups.By default, only members of the Domain Admins group
can set fine-grained password policies. However, you can also delegate the ability to set these policies to other
users. The domain functional level must be Windows Server 2008.
Fine-grained password policy cannot be applied to an organizational unit (OU) directly. To apply finegrained password policy to users of an OU, you can use a shadow group.


Leave a Reply