| Author |
I'm confused with this question!
|
|
| NetChild1985 2002-08-23, 11:20 am |
| I'm confused with this question. It's from Jrksoftware EasyCert Demo. They are saying the answer is B, but I disagree. I think it's A, because when you run the Secedit/refreshpolicy machine_policy/enforce command there is no matter which user is logging to this machine, the policy will be applied to him.
Am I right? Any suggestions please?
You are a network administrator for your company. To meet the requirement of the company's new password policy, you must configure a minimum length of eight characters for new network passwords.
On a domain controller named DC01, you modify the Default Domain Group Policy Object (GPO). You test the new configuration on your Windows 2000 Professional computer. You can still create two - character password.
You need to ensure that the password policy changes are immediately enforced for all users in the domain. What should you do?
A. On DC01, run the Secedit/refreshpolicy machine_policy/enforce command.
B. On DC01, run the Secedit/refreshpolicy user_policy/enforce command.
C. Create a new GPO and configure the password policy. Link the new GPO to the organizational unit
(OU) that contains all user accounts.
D. Create a new GPO and configure the password policy. Link the new GPO to the organizational unit
(OU) that contains all computer accounts. | |
| secondskin 2002-08-23, 11:48 am |
| You are right. The answer is A.
The password section is found under computer configuration section and not the user section.
Your test question is wrong, bin it. | |
| ruscorp 2002-08-23, 5:54 pm |
| NetChild1985: You are absolutely right, you should "A: Secedit/refreshpolicy machine_policy/enforce command" not the user. I would report the error to EasyCert. I have that same demo and don't recall coming across that bad answer. | |
| River19 2002-08-23, 7:49 pm |
| I agree about the answer being wrong, it should be A. Definately | |
| NetChild1985 2002-08-23, 11:39 pm |
| OK! I'm already 100% sure! Thanks guys!  | |
| Deja-vue 2002-08-24, 1:19 am |
| not so fast, Guys!
hmmm, let me think.
 | |
|
|
| Zaraspook 2002-08-24, 7:43 am |
| Deja's right, the answer is B! On DC01 you need to run the secedit /refreshpolicy user_policy /enforce, which will immediately apply the GPO to the appropriate users. In this case, that would be all users in the domain, since it is the Default Domain Group Policy object. The question does explicitly state "enforced for all users"!  | |
| NetChild1985 2002-08-24, 8:10 am |
| This question really confused me! Okay, finally I accept "B" as the correct answer!
Thanks for the links Deja!
Tomorrow is my exam. May the force be with me! | |
| River19 2002-08-24, 11:44 am |
| Thank you Deja-Vue, for setting us all straight :-) | |
| secondskin 2002-08-24, 4:39 pm |
| Im sorry but I dont agree.
You change password settings under the computer configuration and not the user configuration.
Therefore with secedit
machine_policy corresponds to computer configuration
user_policy corresponds to user_configuration.
If you change any of the settings in computer policy section then you use
secedit /refreshpolicy machine_policy /enforce.
So since the password policy resides in this section, that is the secedit you need to use.
IMHOhttp://www.microsoft.com/windows200..._refreshNow.htm | |
|
|
| secondskin 2002-08-24, 10:48 pm |
| As far as I am aware there is security settings in both the computer configuration and user configuration.
The settings for the password change reside in computer configuration and not user configuration.
The link I gave you says which secedit command to use in order to refresh each section of the policy and enforce that policy immediately.
If you are on a DC that holds the domain policy and you change password type on that policy then you need to use the secedit machine policy in order to immediatley refresh that policy.
Thats just the way I have been taught.
 | |
| The Light 2002-09-09, 6:16 am |
| Hmmmm... In my EasyCert the proposed correct answer is A. It seems that the vendor of EasyCert has updated their 70-218. I have downloaded it two weeks ago.
quote:
Originally posted by NetChild1985
I'm confused with this question. It's from Jrksoftware EasyCert Demo. They are saying the answer is B, but I disagree. I think it's A, because when you run the Secedit/refreshpolicy machine_policy/enforce command there is no matter which user is logging to this machine, the policy will be applied to him.
Am I right? Any suggestions please?
You are a network administrator for your company. To meet the requirement of the company's new password policy, you must configure a minimum length of eight characters for new network passwords.
On a domain controller named DC01, you modify the Default Domain Group Policy Object (GPO). You test the new configuration on your Windows 2000 Professional computer. You can still create two - character password.
You need to ensure that the password policy changes are immediately enforced for all users in the domain. What should you do?
A. On DC01, run the Secedit/refreshpolicy machine_policy/enforce command.
B. On DC01, run the Secedit/refreshpolicy user_policy/enforce command.
C. Create a new GPO and configure the password policy. Link the new GPO to the organizational unit
(OU) that contains all user accounts.
D. Create a new GPO and configure the password policy. Link the new GPO to the organizational unit
(OU) that contains all computer accounts.
| |
| CyberDude 2002-09-12, 12:55 pm |
| I believe it is A also, because of the fact that the p/w policy resides in the computer config node of the GPO. You can use the /enforce switch with both refresh policies.  | |
| ruscorp 2002-09-12, 12:59 pm |
| Damn trick questions... | |
| CyberDude 2002-09-12, 1:03 pm |
| Check the resouce kit, it confirms machine policy. The same info is at one of the links given earlier. |
|
|
|