Pop Quiz: Windows Server 2008 R2 Password Policies
Applies to the "Creating and maintaining Active Directory objects" objective of Exam 70-640.
Q: A company's network security team needs a single domain that can support three different password policies for executives, administrators, and users.
Which of the following needs to be configured in the domain to support multiple password policies? (Choose all that apply.)
Answers are B and D. A Password Settings Object (PSO) and Password Settings Container (PSC) must be configured in a domain to support multiple password policies. The PSC is created by default under the System container in the domain.
Quick Tip: Fine-grained password policies can be applied to different sets of users or groups but cannot be applied to an organizational unit (OU) directly.
Reference: AD DS: Fine-Grained Password Policies
Bonus Question: What new feature found in Windows Server 2008 R2 supports the ability for simplified recovery of Active Directory deleted objects? (The answer, of course, will be revealed next time!)
Answer to bonus question from last week: By default, Windows Server 2008 R2 supports one password policy per domain.
Andy Barkl, MCT/MCITP/MCSA, A+, Network+, Security+, CCNA has been studying technology for 30 years. Of the last 15 years, he has spent much of his time parting the knowledge and experience he has gained through IT exams, over 300, to help others be prepared and successful. He teaches classes in Phoenix, Ariz. where he has lived most of his life. He can be reached by e-mail at [email protected]