Re: Possible Bad Question

From: Neil (neilmcse_at_nospamforyou.com)
Date: 04/02/04 

Date: Fri, 02 Apr 2004 12:09:29 -0800

"TechGeekPro" <%username%@yahoo.com> wrote in
news:#kxUQgOGEHA.3764@TK2MSFTNGP12.phx.gbl:

> "Since the local policy dictates 3 logon attempts, and the Domain
> policy dictates 5 then "5" is the result..."
>
> Ah, but the question didn't state "Domain Policy" but "Domain
> Controllers Policy" which from what I understand only affects the
> computers in the built-in Domain Controllers OU. She is logging into
> the Domain but not into a Domain Controller.
>
> --
> I may not be fully certified, but I am fully certifiable.
>
> "Stew Basterash" <stewartbash@hotmail.com> wrote in message
> news:e3DRPbOGEHA.2600@TK2MSFTNGP12.phx.gbl...
>> Once a computer is added to a domain policies are applied in this
>> order
> LSDO
>> (Local, Site, Domain, OU)... Since the local policy dictates 3 logon
>> attempts, and the Domain policy dictates 5 then "5" is the result
>> becuase the setting is overridden in the order of application... In
>> addition, it doesn't matter if she logs in locally or to an actual
>> domain account... System ("computer") Policy settings are applied at
>> startup regardless if
> she
>> actually logs into her domain account or not... As I stated...
>> Computer settings in a policy are applied at startup... User settings
>> are applied
> at
>> account login...
>>
>> "TechGeekPro" <%username%@yahoo.com> wrote in message
>> news:%23f9pCOOGEHA.1012@TK2MSFTNGP11.phx.gbl...
>> > I'm taking a practice test for the 70-218 using the CramMaster
>> > software.
>> >
>> > Question:
>> >
>> > Jennifer is an employee of a company called XYZ Dimensions Inc.
>> > located
> in
>> > Chicago. Jennifer is currently using a stand-alone Windows 2000
>> Professional
>> > workstation, named JennyW2KP, to use a locally installed graphics
> editing
>> > application. As the administrator, you are going to add JennyW2KP
>> > to the Windows 2000 Domain, named XYZDimensions.edu, which
>> > currently consists
> of
>> > one Windows 2000 Server Domain Controller and four Windows 2000
>> Professional
>> > workstations.
>> >
>> > Before adding JennyW2KP to the XYZDimensions.edu Domain, you use
>> > the
> Local
>> > Group Policy MMC snap-in on JennyW2KP and configure the account
>> > lockout
>
>> > policy to lock out Jennifer's local user account after three bad
>> > logon attempts. Afterwards, you configure the Default Domain
>> > Controllers
> Policy
>> to
>> > lockout Jennifer's Domain Account after two bad logon attempts.
>> >
>> > What will be Jennifer's result if she attempts to logon to the
>> > Windows
>> 2000
>> > Network using her Domain Logon account and providing an invalid
>> > password both times? Select the correct answer.
>> >
>> > A Jennifer will be locked out of the Windows 2000 Network for
>> > a
>> > configured amount of time designated by the administrator.
>> >
>> > B Jennifer will be allowed three more logon attempts to the
> Windows
>> > 2000 Network because the Local Group Policy and Default Domain
> Controllers
>> > Policy cumulatively allow her five bad logon attempts.
>> >
>> > C Jennifer will be allowed one more logon attempt to the
>> > Windows
>> 2000
>> > Professional machine because the Local Group Policy allows her
>> > three bad logon attempts.
>> >
>> > D Jennifer will be allowed one more logon to the Windows 2000
>> Network
>> > because the Local Group Policy overrides the Group Policy.
>> >
>> >
>> > Correct answer:
>> >
>> > B Jennifer will be allowed three more logon attempts to the
> Windows
>> > 2000 Network because the Local Group Policy and Default Domain
> Controllers
>> > Policy cumulatively allow her five bad logon attempts.
>> >
>> >
>> > Explanation:
>> >
>> > Jennifer is using a Domain User account, which is impacted by the
> settings
>> > the administrator configured in the Default Domain Controllers
>> > Policy.
>> >
>> >
>> > My question is, since she is not logging on to a domain controller,
>> > I thought she wouldn't be affected by the default doamin
>> > controllers
> policy,
>> > therefore, her account should be locked out.
>> >
>> > Am I way off base here or is this a bad question?
>> >
>> > --
>> > I may not be fully certified, but I am fully certifiable.
>> >
>> >
>> >
>>
>>
>
>

kb article 259576 

-- 
Neil
"you'd do what, to who, for how many biscuits?"

Relevant Pages

  • Re: Default Domain password policy issue
    ... The domain controllers are members of authenticated users. ... as for applied Group Policy objects for computer settings. ... Policy replication/version problems. ... The settings in this GPO can only apply to the following groups, users, ...
    (microsoft.public.windows.group_policy)
  • Re: USERENV error - Group Policy
    ... policy object in AD. ... folder and GPO, returning the security to normal settings, did another GP ... -Domain controllers have read/apply on DC policy (this policy includes the ... If Clients Windows 2003,Xp,2000: ...
    (microsoft.public.windows.server.active_directory)
  • Re: Default Domain Policy Doesnt Apply
    ... Also to add that Group Policies are by default applied in this ... level will be overriden by any defined settings at the site, domain, OU ... account policies] are not being applied to the domain controllers since they ... > password and lockout policy can ony be set at the domain level for domain ...
    (microsoft.public.win2000.group_policy)
  • Re: USERENV error - Group Policy
    ... -Domain controllers have read/apply on DC policy (this policy includes the ... -SYSVOL share/NTFS permissions are set correctly (inc. special permissions ... -I've also examined the SMB signing settings, ...
    (microsoft.public.windows.server.active_directory)
  • Re: USERENV error - Group Policy
    ... However, as per instructions, I've set these permissions correctly. ... policy object in AD. ... folder and GPO, returning the security to normal settings, did another GP ... -Domain controllers have the read and apply rights to the Domain Controllers ...
    (microsoft.public.windows.server.active_directory)
Quantcast