Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

faulty MS Press 70-299 prep question

Status
Not open for further replies.

abstractmechanic

Technical User
Sep 8, 2006
22
US
Hi everybody,

I'm studying for my 70-299 using the MS Press Training Kit. The explanation of the correct answer to one of the CD's practice questions concerning security policies contains this statement:

"...GPOs that configure security settings must be linked at a domain; otherwise, the settings will not apply. Therefore, you cannot use a GPO linked to [an] OU to manually configure the security settings or import them from a template."

This has me very confused. I thought the linking of GPOs with configured security settings to OUs was considered a fine method for applying security policies. I'm about to sit for the exam, and to have something of this importance suddenly pop up is unsettling. I'm guessing that this statement is incorrect. From how I read things, it directly conflicts with other test questions as well as with the text book itself.
I've written Microsoft but figure I might as well have put the message in a bottle and tossed it in the ocean. Does anybody else have the answer to this?

Thanks, Kirk
 
A domain can have only one set of security policies. Security policies must be set at the domain level because of this. Any security policies set at the OU level will be ignored.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Thank you for the response, mrdenny; I'm glad to have that straightened out before I take the exam. Have a good day.

- Kirk
 
You to. Good luck on the exam.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Hi everybody,

I don't mean to belabor a point, but in the interests of this forum (which I like so much) having the correct information, I'd like to update the answer to this question. The practice test CD which came with my MS Press 70-299 Training Kit is made by MeasureUp. Both they and Microsoft were kind enough to get back to me. MeasureUp even sent me an update to change the CD's faulty answer. Here goes.
In a GPO, there is a node titled Security Settings, which has 11 subnodes under it. The first seven of these nodes (Account Policies, Local Policies, Event Log, Restricted Groups, System Services, Registry, and File System) can be configured by importing a security template. The first node, Account Policies, can be applied only at the Domain level. The other six, however, can be applied to an OU, but they are inherited as a package deal. That is, they will completely overwrite, not merge with, the corresponding nodes of the GPO into which they are imported.
Mrdenny, I again thank you for responding to my post, but after my exchanges with MeasureUp, I think you may be in error. You provide many answers in this forum, so I know you really know your stuff. I welcome any response you may have.

Thanks, Kirk
 
I probably should have been a little more clear. When I said security policies I actually mean the Account Policies (Password complexity, Password retention, Password expiration, etc).

It's been a while since I've actully look at AD so I was doing this from memory. :)

I'm glad you got it straight from Microsoft. They tend to be correct in these cases.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top