Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

Logical access control methods > Time of day restrictions - Pg. 100

100 Eleventh Hour Security : Exam SY0-201 Study Guide are applied in the order listed above, there are options available to make excep- tions. These are the "Block Policy Inheritance" and "No Override/ Enforced" options. "Block Policy Inheritance" prevents the GPOs at higher levels (such as domains) from being inherited by lower levels. The "No Override" option has recently been renamed to "Enforce" and prevents lower levels from overriding higher-level settings. In the order of precedence, "Enforce" wins over "Block Inheritance." This means that a GPO at the domain level that requires a 14-character password and has the "Enforce" parameter set cannot be overridden at the OU level with an 8-character password requirement. Time of day restrictions Another form of logical access control is use of time of day restrictions . This is often used in the home environment to ensure that children are unable to use a computer outside of their allowed hours, but it actually began in corporate environments. Similar to the way a time-lock safe works, time of day restric- tions prevent specific applications or systems from being used outside of spe- cific hours. Some situations where this can be useful would be to restrict the