Your network contains an Active Directory domain named contoso.com.
You have a Group Policy object (GPO) named GPO1 that contains several user settings.
GPO1 is linked to an organizational unit (OU) named OU1.
The help desk reports that GPO1 applies to only some of the users in OU1.
You open Group Policy Management as shown in the exhibit. (Click the Exhibit button.)
You need to configure GPO1 to apply to all of the users in OU1.
What should you do?
A.
Enforce GPO1.
B.
Modify the GPO status of GPO1.
C.
Modify the Security settings of GPO1.
D.
Disable Block Inheritance on OUL.
Explanation:
http://technet.microsoft.com/en-us/library/cc739343(v=ws.10).aspx
C.
Modify the Security settings of GPO1.
right?
0
0
First thing is the The Blue Exclamation = Organizational unit with inheritance blocked.
Then you need to know what Enforcement is (the ability to specify that a GPO should take precedence over any GPOs that are linked to CHILD containers)
Lastly Link Enabled means the settings in the Group Policy Object will be applied to the object to which it has a link
A. would equal settings forced to containers below the OU1, so this does not apply here, all the users are in OU1
D. would allow any settings from GPOs above to be applied to OU1, so settings from the default domain policy would get pushed down, we dont want that
B. Here are the different status of a GPO (The status of a GPO is Enabled by default)
— (Enabled)
Allows processing of the policy object and all its settings.
— (All Settings Disabled)
Disallows processing of the policy object and all its settings
— (Computer Configuration Settings Disabled)
Disables processing of Computer Configuration settings. This means that only User Configuration settings are processed.
— (User Configuration Settings Disabled)
Disables processing of User Configuration settings. This means that only Computer Configuration settings are processed.
None of those seems to fit, that leaves only one thing
Correct Answer
C. Modify the Security settings of GPO1
https://technet.microsoft.com/en-us/library/Cc960657.aspx
Under that you would find Restricted Groups Policies
You can define Restricted groups policies to manage and enforce the membership of built-in or user-defined groups that have special rights and permissions. Restricted Groups policies contain a list of members of specific groups whose membership are defined centrally as part of the security policy. Enforcement of Restricted Groups automatically sets any computer local group membership to match the membership list settings defined in the policy. Changes to group membership by the local computer administrator are overwritten by the Restricted Groups policy defined in Active Directory.
Restricted Groups can be used to manage membership in the built-in groups. Built-in groups include local groups such as Administrators, Power Users, Print Operators, and Server Operators, as well as global groups such as Domain Administrators. You can add groups that you consider sensitive or privileged to the Restricted Groups list, along with their membership information. This allows you to enforce the membership of these groups by policy and not allow local variations on each computer.
0
0
it is A. it cannot be C coz security filter details all authenticated users meaning any user in the ou would recieve the settings in the gpo. some users are not so that means at a lower level another gpo is linking to overwrite the formers gpo settings. using enforce will ensure teh users recieve those settings. definitely A
0
0
Kurtis, Security Settings and Security Filtering are 2 different things.
I’m posting here, an answer from another user, answering the same question of an older version of the exam.
mslover said: “If you edit a GPO then then do Right Click > Properties on the root node you can change permissions that do not show in the “Security Filtering” section. Only groups with the “Apply Group Policy” enabled show here. It is possible to set a group (or user) with the “Apply Group Policy” deny permission, which will not show in “Security Filtering”.”
In my opinion the correct answer is C.
Here’s the for the same question: http://www.aiotestking.com/microsoft/you-need-to-configure-gpo1-to-app1y-to-all-of-the-users-in-ou1/
0
0
Answer is C
0
0
It can be Modify the GPO Delegation of GPO1, from that you can set a group or users to deny the “Apply group policy” setting.
0
0
Sites of interest we’ve a link to.
0
1
Every once in a when we choose blogs that we study. Listed beneath would be the most up-to-date web pages that we pick
0
1
always a significant fan of linking to bloggers that I love but do not get a good deal of link appreciate from
0
1
very handful of sites that transpire to become detailed beneath, from our point of view are undoubtedly well really worth checking out
0
1
check below, are some totally unrelated sites to ours, having said that, they may be most trustworthy sources that we use
0
1
Sites of interest we have a link to
0
1
that would be the end of this report. Right here you will obtain some web pages that we think youll value, just click the hyperlinks over
0
1
that is the finish of this report. Right here you will discover some web sites that we assume youll value, just click the links over
0
1
here are some links to websites that we link to mainly because we assume they are worth visiting
0
1
The details mentioned inside the article are a number of the ideal available
0
1
The answer is C.
The explanation of JD is very CLEAR.
I already tested and confirmed.
0
0