A corporate network includes a single Active Directory Domain Services (AD DS} domain.
The HR department has a dedicated organization unit (OU) named HR. The HR OU has two
sub-OUs: HR Users and HR Computers. User accounts for the HR department reside in the
HR Users OU. Computer accounts for the HR department reside in the HR Computers OU.
All HR department employees belong to a security group named HR Employees. All HR
department computers belong to a security group named HR PCs.
Company policy requires that passwords are a minimum of six characters.
You need to ensure that, the next time HR department employees change their passwords,
the passwords are required to have at least eight characters. The password length
requirement should not change for employees of any other department.
What should you do?
A.
Modify the local security policy on each computer in the HR PCs group.
B.
Create a fine-grained password policy and apply it to the HR Employees group.
C.
Create a new GPO, with the necessary password policy, and link it to the HR Computers
OU.
D.
Create a fine-grained password policy and apply it to the HR Computers OU.
The answer is B.
Definitively:
Fine-grained password policy cannot be applied to an organizational unit (OU) directly. To apply fine-grained password policy to users of an OU, you can use a shadow group.
A shadow group is a global security group that is logically mapped to an OU to enforce a fine-grained password policy. You add users of the OU as members of the newly created shadow group and then apply the fine-grained password policy to this shadow group.
0
0
Right, B
0
0