You create a Password Settings object (PSO).
You need to apply the PSO to a domain user named User1.
What should you do?
A. Modify the properties of the PSO.
B. Modify the account options of the User1 account.
C. Modify the security settings of the User1 account.
D. Modify the password policy of the Default Domain Policy Group Policy object (GPO).
Correct Answer: A
Explanation/Reference:
http://blogs.technet.com/b/seanearp/archive/2007/10/06/windows-server-2008-fine-grained-password- policy-walkthrough.aspx
Windows Server 2008 – Fine Grained Password Policy Walkthrough
…
1. Open Active Directory Users and Computers (Start, point to Administrative Tools, and then click Active Directory Users and Computers).
2. On the View menu, ensure that Advanced Features is checked.
3. In the console tree, expand Active Directory Users and ComputersyourdomainSystemPassword Settings Container
4. In the details pane, right-click the PSO, and then click Properties.
5. Click the Attribute Editor tab.
6. Select the msDS-PsoAppliesTo attribute, and then click Edit.
..
If you do not see msDS-PsoAppliesTo attribute in the Attributes list, click Filter, and then click Show attributes/Optional. Also, clear the Show only attributes that have values check box.
7. In the Multi-valued String Editor dialog box, enter the Distinguished Name (also known as DN) of the user or the global security group that you want to apply this PSO to, click Add, and then click OK.
To obtain the full distinguished name of a user or a global security group, in the details pane, right-click the user or the global security group, and then click Properties. On the Attribute Editor tab, view the value of the Distinguished Name attribute in the Attributes list.
Voila! Hit "OK" a couple of times, and your users/groups now have a custom password policy assigned to them. No longer do you have to have separate domains for your developers and standard users. Good times 🙂
