1
00:00:03,030 --> 00:00:09,690
Question In the lab, you configured the password settings for all users within the default domain policy

2
00:00:09,930 --> 00:00:13,770
and you configured the password settings for administrators within a PSL.

3
00:00:14,610 --> 00:00:18,120
What other options were available to help you accomplish the solution?

4
00:00:18,960 --> 00:00:25,500
Answer You could have created a PSL with specific settings for all users, configured it with a very

5
00:00:25,500 --> 00:00:28,950
high precedence and linked it to the domain users security group.

6
00:00:29,800 --> 00:00:34,990
The benefit would be that there is only one interface for managing domain password policies and the

7
00:00:34,990 --> 00:00:39,910
default settings for local accounts on domain members can be set differently across the whole domain.

8
00:00:40,720 --> 00:00:46,960
Question In the lab, you were using precedence for the administrative PSL with a value of ten.

9
00:00:47,800 --> 00:00:49,150
What is the reason for this?

10
00:00:50,000 --> 00:00:50,570
Answer.

11
00:00:51,490 --> 00:00:55,990
The administrative peso is very restrictive, so the precedence should be low.

12
00:00:56,800 --> 00:01:01,810
However, there might be groups of administrators in the future with more restrictive settings, such

13
00:01:01,810 --> 00:01:06,910
as a subset of administrators to access human resources, data or service accounts for which you might

14
00:01:06,910 --> 00:01:09,910
want to enforce longer passwords with administrative rights.

15
00:01:09,910 --> 00:01:11,350
The change less frequently.

16
00:01:12,240 --> 00:01:17,970
For these reasons, using a value of ten allows some space for implementing pieces that are more precise.