Re: Possible Bad Question

From: TechGeekPro (%username%_at_yahoo.com)
Date: 04/02/04


Date: Fri, 2 Apr 2004 15:30:24 -0500


--
I may not be fully certified, but I am fully certifiable.
"Neil" <neilmcse@nospamforyou.com> wrote in message
news:Xns94BF9A2FDD27Fneilmcsehotmailcom@207.46.248.16...
> "TechGeekPro" <%username%@yahoo.com> wrote in
> news:#kxUQgOGEHA.3764@TK2MSFTNGP12.phx.gbl:
>
> > "Since the local policy dictates 3 logon attempts, and the Domain
> > policy dictates 5 then "5" is the result..."
> >
> > Ah, but the question didn't state "Domain Policy" but "Domain
> > Controllers Policy" which from what I understand only affects the
> > computers in the built-in Domain Controllers OU. She is logging into
> > the Domain but not into a Domain Controller.
> >
> > --
> > I may not be fully certified, but I am fully certifiable.
> >
> > "Stew Basterash" <stewartbash@hotmail.com> wrote in message
> > news:e3DRPbOGEHA.2600@TK2MSFTNGP12.phx.gbl...
> >> Once a computer is added to a domain policies are applied in this
> >> order
> > LSDO
> >> (Local, Site, Domain, OU)... Since the local policy dictates 3 logon
> >> attempts, and the Domain policy dictates 5 then "5" is the result
> >> becuase the setting is overridden in the order of application... In
> >> addition, it doesn't matter if she logs in locally or to an actual
> >> domain account... System ("computer") Policy settings are applied at
> >> startup regardless if
> > she
> >> actually logs into her domain account or not... As I stated...
> >> Computer settings in a policy are applied at startup... User settings
> >> are applied
> > at
> >> account login...
> >>
> >> "TechGeekPro" <%username%@yahoo.com> wrote in message
> >> news:%23f9pCOOGEHA.1012@TK2MSFTNGP11.phx.gbl...
> >> > I'm taking a practice test for the 70-218 using the CramMaster
> >> > software.
> >> >
> >> > Question:
> >> >
> >> > Jennifer is an employee of a company called XYZ Dimensions Inc.
> >> > located
> > in
> >> > Chicago. Jennifer is currently using a stand-alone Windows 2000
> >> Professional
> >> > workstation, named JennyW2KP, to use a locally installed graphics
> > editing
> >> > application. As the administrator, you are going to add JennyW2KP
> >> > to the Windows 2000 Domain, named XYZDimensions.edu, which
> >> > currently consists
> > of
> >> > one Windows 2000 Server Domain Controller and four Windows 2000
> >> Professional
> >> > workstations.
> >> >
> >> > Before adding JennyW2KP to the XYZDimensions.edu Domain, you use
> >> > the
> > Local
> >> > Group Policy MMC snap-in on JennyW2KP and configure the account
> >> > lockout
> >
> >> > policy to lock out Jennifer's local user account after three bad
> >> > logon attempts. Afterwards, you configure the Default Domain
> >> > Controllers
> > Policy
> >> to
> >> > lockout Jennifer's Domain Account after two bad logon attempts.
> >> >
> >> > What will be Jennifer's result if she attempts to logon to the
> >> > Windows
> >> 2000
> >> > Network using her Domain Logon account and providing an invalid
> >> > password both times? Select the correct answer.
> >> >
> >> >       A Jennifer will be locked out of the Windows 2000 Network for
> >> >       a
> >> > configured amount of time designated by the administrator.
> >> >
> >> >       B Jennifer will be allowed three more logon attempts to the
> > Windows
> >> > 2000 Network because the Local Group Policy and Default Domain
> > Controllers
> >> > Policy cumulatively allow her five bad logon attempts.
> >> >
> >> >       C Jennifer will be allowed one more logon attempt to the
> >> >       Windows
> >> 2000
> >> > Professional machine because the Local Group Policy allows her
> >> > three bad logon attempts.
> >> >
> >> >       D Jennifer will be allowed one more logon to the Windows 2000
> >> Network
> >> > because the Local Group Policy overrides the Group Policy.
> >> >
> >> >
> >> > Correct answer:
> >> >
> >> >       B Jennifer will be allowed three more logon attempts to the
> > Windows
> >> > 2000 Network because the Local Group Policy and Default Domain
> > Controllers
> >> > Policy cumulatively allow her five bad logon attempts.
> >> >
> >> >
> >> > Explanation:
> >> >
> >> > Jennifer is using a Domain User account, which is impacted by the
> > settings
> >> > the administrator configured in the Default Domain Controllers
> >> > Policy.
> >> >
> >> >
> >> > My question is, since she is not logging on to a domain controller,
> >> > I thought she wouldn't be affected by the default doamin
> >> > controllers
> > policy,
> >> > therefore, her account should be locked out.
> >> >
> >> > Am I way off base here or is this a bad question?
> >> >
> >> > --
> >> > I may not be fully certified, but I am fully certifiable.
> >> >
> >> >
> >> >
> >>
> >>
> >
> >
>
> kb article 259576
>
> --
> Neil
> "you'd do what, to who, for how many biscuits?"
What? No link? Tsk,tsk. http://tinyurl.com/2l4mg


Relevant Pages

  • Re: Stop Certain user accounts logging onto pc??
    ... just put that account into the "Deny Logon ... Locally" list and enable that policy. ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Limit number of Logon attempts
    ... I understand that you want to adjust the logon attempts through Group ... we have an Account Lockout policy ...
    (microsoft.public.windows.server.sbs)
  • Re: you do not have permission to log on locally
    ... I am having the same problem, I can't logon with the local machine account ... I am unable to remove the administrators account from the "deny local log ". ... the efffective policy setting still remains. ... > Use domain policy to override whatever security settings are causing ...
    (microsoft.public.win2000.security)
  • Re: Protect user accounts
    ... Enable strong passwords in the password policy, ... this helps to protect in that way if some one take over an account the ... users in OU1 to computers in OU2 and the other way around. ... > failed logon attemps. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Cant login with new user account
    ... Are you trying to logon to a DC? ... there's a policy there that denies access to logon interactively ... I've created a new account in Active ... > - Group Policy Creator Owners ...
    (microsoft.public.windows.server.active_directory)