You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory domain.
All the servers on the network run Windows Server 2008 and all client computers run Windows Vista. The domain contains three organizational units (OUs) named TestOU1, TestOU2, and TestOU3.
Which of the following options would you choose to redesign the layout of the OUs to ensure that the Group Policy objects (GPOs) that are linked to the domain from applying to computers located in the TestOU2 are prevented? You also need to minimize the number of GPOs and the number of OUs.
A.
On the TestOU2Configure block inheritance.
B.
Create a WMI filter.
C.
Delegate permissions on the Application OU
D.
Create a Starter GPO.
E.
None of the above
Explanation:
Typically, group policies are passed down from parent to child containers within a domain, which you can view with the Active Directory Users and Computers console. Group policy is not inherited from parent to child domains. If you assign a specific group policy setting to a high-level parent container, that setting applies to all containers beneath the parent container, including the user and computer objects in each container. However, if you explicitly specify a group policy setting for a child container, the child container’s setting overrides the one for the parent container.
The Block Policy inheritance option blocks Group Policy Objects that apply higher in the Active Directory hierarchy of sites, domains, and organizational units. It does not block GPOs whose No Override setting is enabled. You can block policy inheritance at the domain or organizational unit level..
Reference: Inheriting a Meager Comprehension of Policy Inheritance http://www.informit.com/guides/content.aspx?g=windowsserver&seqNum=60