Re: Possible Bad Question

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: TechGeekPro (%username%_at_yahoo.com)
Date: 04/02/04 

Date: Fri, 2 Apr 2004 14:24:02 -0500

"Since the local policy dictates 3 logon attempts, and the Domain policy
dictates 5 then "5" is the result..."

Ah, but the question didn't state "Domain Policy" but "Domain Controllers
Policy" which from what I understand only affects the computers in the
built-in Domain Controllers OU. She is logging into the Domain but not into
a Domain Controller. 

--
I may not be fully certified, but I am fully certifiable.
"Stew Basterash" <stewartbash@hotmail.com> wrote in message
news:e3DRPbOGEHA.2600@TK2MSFTNGP12.phx.gbl...
> Once a computer is added to a domain policies are applied in this order
LSDO
> (Local, Site, Domain, OU)... Since the local policy dictates 3 logon
> attempts, and the Domain policy dictates 5 then "5" is the result becuase
> the setting is overridden in the order of application... In addition, it
> doesn't matter if she logs in locally or to an actual domain account...
> System ("computer") Policy settings are applied at startup regardless if
she
> actually logs into her domain account or not... As I stated... Computer
> settings in a policy are applied at startup... User settings are applied
at
> account login...
>
> "TechGeekPro" <%username%@yahoo.com> wrote in message
> news:%23f9pCOOGEHA.1012@TK2MSFTNGP11.phx.gbl...
> > I'm taking a practice test for the 70-218 using the CramMaster software.
> >
> > Question:
> >
> > Jennifer is an employee of a company called XYZ Dimensions Inc. located
in
> > Chicago. Jennifer is currently using a stand-alone Windows 2000
> Professional
> > workstation, named JennyW2KP, to use a locally installed graphics
editing
> > application. As the administrator, you are going to add JennyW2KP to the
> > Windows 2000 Domain, named XYZDimensions.edu, which currently consists
of
> > one Windows 2000 Server Domain Controller and four Windows 2000
> Professional
> > workstations.
> >
> > Before adding JennyW2KP to the XYZDimensions.edu Domain, you use the
Local
> > Group Policy MMC snap-in on JennyW2KP and configure the account lockout
> > policy to lock out Jennifer's local user account after three bad logon
> > attempts. Afterwards, you configure the Default Domain Controllers
Policy
> to
> > lockout Jennifer's Domain Account after two bad logon attempts.
> >
> > What will be Jennifer's result if she attempts to logon to the Windows
> 2000
> > Network using her Domain Logon account and providing an invalid password
> > both times? Select the correct answer.
> >
> >       A Jennifer will be locked out of the Windows 2000 Network for a
> > configured amount of time designated by the administrator.
> >
> >       B Jennifer will be allowed three more logon attempts to the
Windows
> > 2000 Network because the Local Group Policy and Default Domain
Controllers
> > Policy cumulatively allow her five bad logon attempts.
> >
> >       C Jennifer will be allowed one more logon attempt to the Windows
> 2000
> > Professional machine because the Local Group Policy allows her three bad
> > logon attempts.
> >
> >       D Jennifer will be allowed one more logon to the Windows 2000
> Network
> > because the Local Group Policy overrides the Group Policy.
> >
> >
> > Correct answer:
> >
> >       B Jennifer will be allowed three more logon attempts to the
Windows
> > 2000 Network because the Local Group Policy and Default Domain
Controllers
> > Policy cumulatively allow her five bad logon attempts.
> >
> >
> > Explanation:
> >
> > Jennifer is using a Domain User account, which is impacted by the
settings
> > the administrator configured in the Default Domain Controllers Policy.
> >
> >
> > My question is, since she is not logging on to a domain controller, I
> > thought she wouldn't be affected by the default doamin controllers
policy,
> > therefore, her account should be locked out.
> >
> > Am I way off base here or is this a bad question?
> >
> > --
> > I may not be fully certified, but I am fully certifiable.
> >
> >
> >
>
>

Relevant Pages

  • Re: Stop Certain user accounts logging onto pc??
    ... just put that account into the "Deny Logon ... Locally" list and enable that policy. ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Limit number of Logon attempts
    ... I understand that you want to adjust the logon attempts through Group ... we have an Account Lockout policy ...
    (microsoft.public.windows.server.sbs)
  • Re: Possible Bad Question
    ... "Since the local policy dictates 3 logon attempts, ... > doesn't matter if she logs in locally or to an actual domain account... ... >> 2000 Network because the Local Group Policy and Default Domain ...
    (microsoft.public.cert.exam.mcsa)
  • RE: Cant set Local Security policies. They fail to save
    ... predefined Security Template on SBS 2003 to restore security groups ... run "gpupdate.exe /force" under command prompt to force the policy ... reboot the Server to test. ... and then logon to client computer to test if user can save system logs. ...
    (microsoft.public.windows.server.sbs)
  • Re: you do not have permission to log on locally
    ... I am having the same problem, I can't logon with the local machine account ... I am unable to remove the administrators account from the "deny local log ". ... the efffective policy setting still remains. ... > Use domain policy to override whatever security settings are causing ...
    (microsoft.public.win2000.security)