- 3 views
Exam
Answer needs confirmation
Question
What is the effective minimum password length for User1 and Admin1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Proposed answer
Hot Area:
Suggested answer
Box 1: 9 -
When multiple PSOs apply to a user, the PSO with the highest precedence (lowest precedence number) applies which in this case is PSO1.
Box 2: 8 -
There are no PSOs applied to Admin1 so the password policy from the Default Domain GPO applies.
The Minimum password length setting in GPO1 would only apply to local user accounts on computers in OU1. It does not apply to domain user accounts.
TakingExams_Forever
Highly Voted 1 year, 1 month ago
User1 - 9 Admin1 - 8 The Default Domain policy in this scenario takes precedence over the GPO. If GPOs are set at any level below the domain level in Active Directory Domain Services (AD DS), they affect only LOCAL ACCOUNTS on member servers. FGPPs (PSOs) can be used to specify password policies that affect DOMAIN USERS within the domain, taking precedence over any domain level policies.
upvoted 10 times
BlackCat9588
Most Recent 1 day, 14 hours ago
User - 9 (PSO precedence 10) Admin - 8 (default policy)
upvoted 1 times
phi3nix
7 months, 3 weeks ago
Admin1 - 8 User1 -9 (precedence 10 take priority over 20) "Each PSO must have a precedence index number. PSOs with a higher precedence index, like 1, take priority over those with a lower precedence index, like 10"
upvoted 1 times
tanoj
9 months ago
LSDOU is an acronym used when applying GPO's which means local, site, Domain and OU. The last GPO setting always wins which is applied to OU. so the admin1 falls under OU. so the minimum password length will be 10.
upvoted 2 times
syu31svc
9 months, 2 weeks ago
Answer is correct Admin1 falls under Default Domain for the password policy and User1 has fine grain password policy applied to it. Lower precedence takes priority. User1 - 9 Admin1 - 8
upvoted 4 times
kijken
10 months, 3 weeks ago
user1 9 admin1 8 Which is very unlogical
upvoted 2 times
Rickerttt
11 months ago
Tested this in an test environment: Default Domain Policy: Minimum password length: 9 Password Policy GPO: Minimum password length: 10 Logged in with administrator account -> rsop.msc -> Minimum password length: 10 So the right answer must be: User1: 9 Admin1: 10
upvoted 3 times
phi3nix
7 months, 3 weeks ago
Not true. Please check how the precedence works. "Each PSO must have a precedence index number. PSOs with a higher precedence index, like 1, take priority over those with a lower precedence index, like 10" Admin1 - 8 User1 -9 (precedence 10 takes priority over 20)
upvoted 2 times
Verdural
11 months, 2 weeks ago
User1: 9 (PSO2 will be alppied first and then the PSO1 - Lowest Precedence is on top of list, and applied last) Admin1: 10 (Default Domain Policy will be applied first and then the GPO1 - FLow: Local, Site, Domain, OU)
upvoted 4 times
OluDim
1 year, 1 month ago
The given answer is correct https://blogs.manageengine.com/corporate/general/2017/01/13/microsoft-password-policies-gpo-based-vs-fine-grained-policies.html#:~:text=There%20can%20be%20only%20one%20password%20policy%20if%20you%20use,users%20located%20in%20that%20OU.
upvoted 3 times
Leocan
1 year, 1 month ago
Given answer is correct.
upvoted 3 times
joehoesofat
1 year, 2 months ago
Sorry my mistake- its 8 and 10- The Admin account is in an OU - THE USER ACCOUNT is - this means the GPO will apply as the more specific GPO will apply to the domain account in its OU- the prescedence from top to bottom works for PSE but not policies- the policy rule is the one closed to the obect gets applied last- the GPO says the password policy is a 10 Character password- so 8 and 10
upvoted 3 times
joehoesofat
1 year, 2 months ago
The Answers should be 9 and 8. The GPO1 Policy applied to OU1- User1,3 and admin1- but some users have he PSO- so they may be different- the Admin user is not impacted by the PSo SO - THE Gpo applies - it says local nowhere- Admin is 10 so 9 and 10
upvoted 3 times