Re: Possible Bad Question

From: Stew Basterash (stewartbash_at_hotmail.com)
Date: 04/02/04 

Date: Fri, 2 Apr 2004 14:21:31 -0600

CRAP!

I missed that one again... I hate those... Be careful reading those
questions!!!

"TechGeekPro" <%username%@yahoo.com> wrote in message
news:%23kxUQgOGEHA.3764@TK2MSFTNGP12.phx.gbl...
> "Since the local policy dictates 3 logon attempts, and the Domain policy
> dictates 5 then "5" is the result..."
>
> Ah, but the question didn't state "Domain Policy" but "Domain Controllers
> Policy" which from what I understand only affects the computers in the
> built-in Domain Controllers OU. She is logging into the Domain but not
into
> a Domain Controller.
>
> --
> I may not be fully certified, but I am fully certifiable.
>
> "Stew Basterash" <stewartbash@hotmail.com> wrote in message
> news:e3DRPbOGEHA.2600@TK2MSFTNGP12.phx.gbl...
> > Once a computer is added to a domain policies are applied in this order
> LSDO
> > (Local, Site, Domain, OU)... Since the local policy dictates 3 logon
> > attempts, and the Domain policy dictates 5 then "5" is the result
becuase
> > the setting is overridden in the order of application... In addition, it
> > doesn't matter if she logs in locally or to an actual domain account...
> > System ("computer") Policy settings are applied at startup regardless if
> she
> > actually logs into her domain account or not... As I stated... Computer
> > settings in a policy are applied at startup... User settings are applied
> at
> > account login...
> >
> > "TechGeekPro" <%username%@yahoo.com> wrote in message
> > news:%23f9pCOOGEHA.1012@TK2MSFTNGP11.phx.gbl...
> > > I'm taking a practice test for the 70-218 using the CramMaster
software.
> > >
> > > Question:
> > >
> > > Jennifer is an employee of a company called XYZ Dimensions Inc.
located
> in
> > > Chicago. Jennifer is currently using a stand-alone Windows 2000
> > Professional
> > > workstation, named JennyW2KP, to use a locally installed graphics
> editing
> > > application. As the administrator, you are going to add JennyW2KP to
the
> > > Windows 2000 Domain, named XYZDimensions.edu, which currently consists
> of
> > > one Windows 2000 Server Domain Controller and four Windows 2000
> > Professional
> > > workstations.
> > >
> > > Before adding JennyW2KP to the XYZDimensions.edu Domain, you use the
> Local
> > > Group Policy MMC snap-in on JennyW2KP and configure the account
lockout
>
> > > policy to lock out Jennifer's local user account after three bad logon
> > > attempts. Afterwards, you configure the Default Domain Controllers
> Policy
> > to
> > > lockout Jennifer's Domain Account after two bad logon attempts.
> > >
> > > What will be Jennifer's result if she attempts to logon to the Windows
> > 2000
> > > Network using her Domain Logon account and providing an invalid
password
> > > both times? Select the correct answer.
> > >
> > > A Jennifer will be locked out of the Windows 2000 Network for a
> > > configured amount of time designated by the administrator.
> > >
> > > B Jennifer will be allowed three more logon attempts to the
> Windows
> > > 2000 Network because the Local Group Policy and Default Domain
> Controllers
> > > Policy cumulatively allow her five bad logon attempts.
> > >
> > > C Jennifer will be allowed one more logon attempt to the Windows
> > 2000
> > > Professional machine because the Local Group Policy allows her three
bad
> > > logon attempts.
> > >
> > > D Jennifer will be allowed one more logon to the Windows 2000
> > Network
> > > because the Local Group Policy overrides the Group Policy.
> > >
> > >
> > > Correct answer:
> > >
> > > B Jennifer will be allowed three more logon attempts to the
> Windows
> > > 2000 Network because the Local Group Policy and Default Domain
> Controllers
> > > Policy cumulatively allow her five bad logon attempts.
> > >
> > >
> > > Explanation:
> > >
> > > Jennifer is using a Domain User account, which is impacted by the
> settings
> > > the administrator configured in the Default Domain Controllers Policy.
> > >
> > >
> > > My question is, since she is not logging on to a domain controller, I
> > > thought she wouldn't be affected by the default doamin controllers
> policy,
> > > therefore, her account should be locked out.
> > >
> > > Am I way off base here or is this a bad question?
> > >
> > > --
> > > I may not be fully certified, but I am fully certifiable.
> > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • domain users cant logon locally
    ... This is probably caused by the fact that your Windows 2000 ... To find this setting right click the DOmain Controllers OU ... Policy tab, verify that the Default Domain Controllers ... >I have recently installed a new windows 2000 server. ...
    (microsoft.public.win2000.security)
  • Re: Null NetworkName registry value and XP SP2
    ... XP SP2 determines which firewall profile to use at any given point in time. ... having the connection specific DNS suffix different from the Windows Domain ... Is the connection specific DNS suffix on the problematic computers ... > Policy settings are configured, ...
    (microsoft.public.windows.group_policy)
  • Re: domain users force only local server access
    ... You can restrict computers using ipsec policies. ... complex topic and domain controllers need to be exempt from any policy to ...
    (microsoft.public.win2000.security)
  • Re: Blocking port scans on local network
    ... > additional restrictions for anonymous connections in this security guide. ... > do not recommend applying ipsec policy wide scale without some testing of ... > between domain computers and domain controllers as the domain controllers ...
    (microsoft.public.win2000.security)
  • Re: 10 winxp computer locked by Software Restrictions
    ... security policy but sounds like a problem with Software Restriction ... I don't know offhand why it is affecting only some computers unless there ... replication between domain controllers. ... know how well netdiag will work in safe mode but make sure the problem ...
    (microsoft.public.windows.group_policy)