PrepAway - Latest Free Exam Questions & Answers

You configure GPO1 to prohibit access to Control Panel.GPO1 is linked to OU1 as shown in the GPO1 exhibit

HOTSPOT
Your network contains an Active Directory domain named contoso.com.
The domain contains an organizational unit (OU) named OU1 as shown in the OU1 exhibit.
(Click the Exhibit button.)

The membership of Group1 is shown in the Group1 exhibit.(Click the Exhibit button.)

You configure GPO1 to prohibit access to Control Panel.GPO1 is linked to OU1 as shown in
the GPO1 exhibit. (Click the Exhibit button.)

Select Yes if the statement can be shown to be true based on the available information;
otherwise select No. Each correct selection is worth one point.

PrepAway - Latest Free Exam Questions & Answers

Answer:

Explanation:

Since user4 is not in organizational unit, the filtering the GPO does not apply to him.
References:
http://technet.microsoft.com/en-us/library/cc781988(v=ws.10).aspx

28 Comments on “You configure GPO1 to prohibit access to Control Panel.GPO1 is linked to OU1 as shown in the GPO1 exhibit

    2. Jony says:

      user 1 isn’t in OU, GPO doesnt’t apply to objects outside OU and to groups – can access CP
      user 2 reside in OU, GPO apply – cannot access CP
      user 3 isn’t in OU, GPO doesnt’t apply to objects outside OU and to groups – can access CP
      user 4 GPO Security filtering dont apply to user 4




      1



      0
  3. PeterPan says:

    I just tested this out,it is YNYY.

    There is a simple rule, if the object is in the OU listed in the GPO, and also listed in the security filtering (direct or in a group), then the GPO will apply.




    2



    0
  4. Can says:

    Sorry guys really i am confused….because first i tried apply a policy to group ! and it worked ! it was for remove – log off from start up.

    and now i have tried this question !! and yes policy dosent work on group !

    how it can be happen ?




    0



    0
  5. Tom says:

    Security Filtering third window.
    “The settings in this GPO can only apply to the following groups, users and computers.”
    Group 1 (Contains users 1 and 2)
    User 3.

    User 4 is not listed in the security filtering of the GPO, therefor doesn’t apply.

    Answer is N N N Y




    0



    1
  7. Shawn says:

    If you link a GPO to an OU it only specifies in which OU the GPO should apply. After that, the security filter specifies further to which of the users and groups in the OU the GPO are applied.
    *Group 1 (which is user 1 and 2) and User 3 are in the OU and included in the security filter.
    *User 4 is NOT in the OU therefor the GPO doesn’t apply to User 4.




    0



    1
  9. Bob says:

    I’m going with YNYY as well – the GPO will only apply to users that are in OU1 – Users 1 and 3 are NOT in the OU so the policy will not apply to them regardless of the security filtering. The use of the group in sec filtering only serves to narrow the scope of the application of the GPO within the OU it is linked to – so even if someone is in the group, if they are are not also in the OU it won’t apply to them.

    If they were moved into OU1 THEN the GPO and filtering would apply and they would not be able to run Control Panel.

    https://technet.microsoft.com/en-us/library/cc781988(v=WS.10).aspx (A bit old but still valid)

    A GPO with security filtering set to Read and AGP doesn’t necessarily apply to all security principals that have security filtering. It only applies to them if those user or computer objects are in the container or child container that is linked to the GPO.




    1



    0
  13. Heber says:

    gpo é definida em sites,domínios e unidades organizacional. Filtros de segurança aplica a gpo para quem fizer parte dela. Sendo assim, user1, user2 e user3 será negado o acesso pois fazem parte do filtro de segurança e user4 mesmo fazendo parte da OU terá o acesso concedido pois não faz parte do filtro de segurança.




    0



    0

Leave a Reply