As I mentioned in an earlier post I am reading the Study Guide for the Exchange 2007 Design Exam (70-237). There is quite a good section on security that goes beyond the normal Exchange stuff. In fact the book overall is good in that the topic coverage goes beyond the bare exam requirements.
One bit is glaringly, obviously wrong.
It states that in Windows 2008 the password policy can be linked at the site, domain or individual OU level.
No, No and thrice NO.
The password policy can only be linked, and be effective at the domain level.
The new Fine Grained Password Policies enable multiple password policies to be defined but they are linked to groups or individual users.
A full discussion on this topic together with PowerShell scripts to manage the policies is available from the April 2008 issue of Windows Administration in Realtime -
Read the complete post at http://richardsiddaway.spaces.live.com/Blog/cns!43CFA46A74CF3E96!2002.entry