The “Apply Group Policy” permission to one or more users or security groups is selectively applied
True or False
Windows Server 2008 R2 and Windows Vista can
support multiple local GPOs. This enables you to specify a different local GPO for adminis-
trators or to create specific GPO settings for one or more local users configured on a worksta-
tion. This capability is particularly valuable for computers in public locations such as libraries
and kiosks, which are not part of an Active Directory infrastructure.
Older Windows releases (prior to Windows Vista) can support only one local GPO, and the
settings in that local GPO can apply only to the computer, not to individual users or groups.
GPT are the actual PHYSICAL settings that will be processed by the client
The Group Policy Template is where the meat of the GPO resides. By way of comparison, think of how Active Directory represents a computer object. It lists all the relevant attributes of the computer, but the object in Active Directory is not the computer itself. In a similar way, the portion of the GPO in Active Directory merely represents the attributes relevant to the GPO content. The content itself is known as the Group Policy Template, or GPT, and it resides in a share known as SYSVOL
When a GPO is created using a starter template, all the settings in the template are automatically copied over to it
Default Domain Controller Policy.
When a GPO is created a GUID is generated. This GUID is used for the name of the GPT created on the DC and as internal moniker for the GPO itself.
2 Default Domain Policy
Which of these two policies will be processed last, and what is the significance of this?
This means that any conflicts between the policies will be overriden by the Sales policy. That is the Sales policy will win.
circle back and reapply the computer policies after all user policies and logon scripts run
Below is a scenario involving Loopback processing
For example, consider an academic environment in which the user objects for
administrative accounts, such as teachers and staff, are placed in a separate Admin OU. All workstation computer objects are located in a Lab OU. In computer labs, anyone can log on to the network. However, when users in the Admin OU log on to lab computers, their
User Conﬁguration settings conﬁgure the computers to print on printers located in their
ofﬁces, and install applications on the lab computers intended only for the users’ ofﬁce
computers. Teachers complain that they have to walk back to their ofﬁces to pick up print jobs that should print on the printers located in the lab. In addition, applications that
should not reside on the lab computers are installed there and now must be removed. One solution to this problem is to use the Replace option in Loopback Processing. When you set the Replace option, the system applies only the user settings from the Lab OU applied.
This resolves the issue of applying unwanted settings on shared computers from other
locations in the AD DS hierarchy
These settings are applied before the user logs on
A. Configure a higher GPO to disabled
B. Configure a higher GPO to Enabled
C. Configure a higher GPO to Not Configured
D. Configure a higher GPO with Loopback processing?
You must conﬁgure a higher priority GPO to disable the setting, if you want to restore it to
its default. Applying the Not Conﬁgured state does not change the setting, leaving
Group Policy Management Editor – AD DS group policy editing
a. ADM files
b. ADMX files
c. Group Policy objects
d. Security templates
a. Local Group Policy
b. Administrators Group Policy
c. Nonadministrators Group Policy
d. User-specific Group Policy
a. GPO linking
b. Administrative templates
c. Security filtering
d. Starter GPOs
a. A starter GPO functions as a template for the creation of new GPOs.
b. A starter GPO is the first GPO applied by all Active Directory clients.
c. Starter GPOs use a simplified interface for elementary users.
d. Starter GPOs contain all of the settings found in the default Domain Policy GPO.
a. The setting remains disabled.
b. The setting is changed to not configured.
c. The settings is changed to enabled.
d. The setting generates a conflict error.
a. in Active Directory; in Active Directory
b. in Active Directory; on the local computer
c. on the local computer; in Active Directory
d. on the local computer; on the local computer
assignments so that only certain users and computers receive the ermissions and, consequently, the settings in the GPO?
a. You cannot separate or divide permission assignments within the linked container.
b. You can create and link a different GPO to the applicable objects, overriding the
c. You remove the applicable objects and place in a new container.
d. You apply security filtering in the Group Policy Management console.
a. The last
b. The first
c. The most permissive
d. The most restrictiv
The first one in the list is the last to be processed and therefore has higher priority
a. Software Settings, Windows Settings, and Delegation Templates
b. Software Settings, Windows Settings, and Administrative Templates
c. Security Settings, Windows
Settings, and Delegation Templates
d. Security Settings, Windows
Settings, and Administrative Templates
a. LSOUD (local, site, OU, and then domain)
b. LOUDS (local, OU, domain, and then site)
c. SLOUD (site, local, OU, and then domain)
d. LSDOU (local, site, domain, and then OU)
What are the different types of Group Policy objects (GPOs)?
a. Computer, user, and organizational unit
b. Local, domain, and starter
c. Local, domain, and universal
d. Site, domain, and organizational unit
approach to make those changes?
a. Add new settings in the default policies as needed.
b. Create new GPOs to augment or override the existing default settings.
c. Change existing ones in the default policies as needed.
d. Link a new GPO using the AD DS role.
Group Policies applied to parent containers are inherited by all child containers and objects. What are the ways you can alter inheritance?
a. Using the Enforce, Block Policy Inheritance, or Loopback settings.
b. Using Active Directory
Administrative Center (ADAC) to block inheritance.
c. Inheritance can be altered by making the applicable registry settings.
d. Using the Enforce or Block Policy Inheritance settings.