DRAG DROP
Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2012.
The domain contains an organizational unit (OU) named OU1. OU1 contains an OU named OU2. OU2
contains a user named User1.
User1 is the member of a group named Group1. Group1 is in the Users container.
You create five Group Policy objects (GPO). The GPOs are configured as shown in the following table.
The Authenticated Users group is assigned the default permissions to all of the GPOs.
There are no site-level GPOs.
You need to identify which three GPOs will be applied to User1 and in which order the GPOs will be
applied to User1.
Which three GPOs should you identify in sequence?
To answer, move the appropriate three GPOs from the list of GPOs to the answer area and arrange them
in the correct order.
Answer: See the explanation
Explanation:
Box 1: GPO1
Box 2: GPO3
Box 3: GPO5
Note:
* Box 1: Domain GPOs are applied before OU GPOs.
By default, Group Policy is inherited and cumulative, and it affects all computers and users in an Active Directory container.
GPOs are processed in the following order:
• The local GPO is applied.
• GPOs linked to sites are applied.
• GPOs linked to domains are applied.
• GPOs linked to organizational units are applied. For nested organizational units, GPOs linked to parent organizational units are applied before GPOs linked to child organizational units are applied.
Note The order in which GPOs are processed is significant because when policy is applied, it overwrites policy that was applied earlier.
The Group Policy objects (GPOs) that apply to a user (or computer) do not all have the same precedence. Settings that are applied later can override settings that are applied earlier
The policies are applied in the hierarchy –> Local machines, Sites, Domains and Organizational Units.(LSDOU)
Sources:
https://social.technet.microsoft.com/Forums/sharepoint/en-US/aa3a836a-a5ea-495c-9016-6fc1c670403f/in-what-order-are-group-policies-applied?forum=winserverGP
https://msdn.microsoft.com/en-us/library/gg604584.aspx
0
0
Also, tested in the above question is knowledge of group policy permissions using the delegation tab.
Security filtering and delegation do the same thing, except the delegation tab allows you to do more advanced things like allow some users to edit the GPO. Denying access to a GPO can be done through security filtering or the delegation tab.
https://serverfault.com/questions/786169/windows-server-what-is-the-difference-between-security-filtering-under-the-sco
Another concept shown in the question is GPO Enforcement. When a GPO is enforced, the policies in the GPO will not be overruled by GPOs that are applied later.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/0453271c-bf23-461b-b001-7f353d293d08/enforced-or-not-in-group-policy-object?forum=winserversecurity
0
0