A corporate network includes a single Active Directory Domain Services (AD DS) domain.
The HR department has a dedicated organizational unit (OU) named HR. The HR OU has
two sub-OUs: HR Users and HR Computers. User accounts for the HR department reside in
the HR Users OU. Computer accounts for the HR department reside in the HR Computers
OU. All HR department employees belong to a security group named HR Employees. All HR
department computers belong to a security group named HR PCs.
Company policy requires that passwords are a minimum of 6 characters.
You need to ensure that, the next time HR department employees change their passwords,
the passwords are required to have at least 8 characters. The password length requirement
should not change for employees of any other department.
What should you do?
A.
Modify the password policy in the GPO that is applied to the domain.
B.
Create a new GPO, with the necessary password policy, and link it to the HR Users OU.
C.
Create a new GPO, with the necessary password policy, and link it to the HR Computers
OU.
D.
Modify the password policy in the GPO that is applied to the domain controllers OU.
Explanation:
http://technet.microsoft.com/en-us/library/cc770394.aspx
What do fine-grained password policies do?
You can use fine-grained password policies to specify multiple password policies within a
single domain. You can use fine-grained password policies to apply different restrictions for
password and account lockout policies to different sets of users in a domain.
For example, you can apply stricter settings to privileged accounts and less strict settings to
the accounts of other users. In other cases, you might want to apply a special password
policy for accounts whose passwords are synchronized with other data sources.
Are there any special considerations?Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they
are used instead of user objects) and global security groups. By default, only members of
the Domain Admins group can set fine-grained password policies. However, you can also
delegate the ability to set these policies to other users. The domain functional level must be
Windows Server 2008.
Fine-grained password policy cannot be applied to an organizational unit (OU) directly. To
apply fine-grained password policy to users of an OU, you can use a shadow group
Should be B.
0
0
The correct answer is “C”, but in other dumps the question is described as:Create a fine-grained password policy and apply it to the security group named HR Employees.
0
0
i believe the answer is b
0
0