Your network contains an Active Directory domain named contoso.com.
The domain contains an organizational unit (OU) named OU1 as shown in the OU1 exhibit.
(Click the Exhibit button.)
The membership of Group1 is shown in the Group1 exhibit. (Click the Exhibit button.)
You configure GPO1 to prohibit access to Control Panel. GPO1 is linked to OU1 as shown in the GPO1 exhibit. (Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise select No. Each correct selection is worth one point.
Hot Area:
Answer: 
Explanation:
Since user4 is not in organizational unit, the filtering the GPO does not apply to him.
http://technet.microsoft.com/en-us/library/cc781988(v=ws.10).aspx
Correct answer: YNYY
GPO only applies to Site, Domain and OU. Linking GPO on OU1 does not means that it will be applied on all the users and groups under that OU we also need to consider the security that was set to on GPO. It stated that only user2 is the valid user that the GPO will be applied hence user2 will not be able to access control panel.
ReferenceL:
http://www.aiotestking.com/microsoft/select-yes-if-the-statement-can-be-shown-to-be-true-based-on-the-available-information-otherwise-select-no-3/
1
0
Ammm. GPO1 is Linked to OU1 and have security fitering Group1 and User3.
Group1 have a memebers User1 and user2.
I think, GPO1 can be aplyed to: ((User1, User2)-are members of Group1), User3.
OU1 consist of: Group1 (User1, User2), User4.
So i think GPO1 will be aplyed to User1 and User2 only.
User3 isn’t member of OU1 and User4 isn’t part of secure filter of GPO1.
NNYY
0
1
Sorry, User1 isn’t part of OU1. So, GPO1 applyed only to user2 and answer will be
YNYY.
Drin is wright.
1
0
user 1 is part of Group1, NNYY
0
1
You can only link a GPO to Site, Domain, OU, that doesnt mean it doesnt affect the users/groups/computers in them. NNYY. GPO doesnt apply to user 3 because he is not in the OU.
0
0
Went back and tested. GPO does not apply to user1 because the user isn’t physically in the OU, regardless if he is in a group that the OU applies to. GPOs affect only the users and computers in OUs. YNYY
1
0
User1 is not in OU1 either. So the GPO will not apply to User1. Yes, User1 is a member of Group1, but the actual User1 object does not reside in the OU so it will not apply. Security filtering only filters through the objects that reside in that OU. This does not include members of the Group that the member object itself does not reside in the OU.
YNYY
1
0
YNYY
I checked it in the lab
0
0
agreed YNYY, tested
1
0
the user and/or computer must be in the group listed on the security filtering list, plus be in the OU (if the GPO is linked to the OU), in order to get the setting defined in the GPO
This is a good question, it tests your understanding Group Policy processing.
GPO1 is linked to OU1 = Only users in OU1 can be targeted
So, potentially User2 and User4 might get settings from the GPO, no-one else can be considered.
However security filtering on GPO1 limits who can get settings from it, if you’re not in Group1 or not User3, you cannot get settings from this policy.
User3 is not in the OU, and is already excluded form settings from GPO1.
So, are there any accounts in the OU that are a member of Group1?
Yes, User2 has an account in the OU, and is a member of the group that has the necessary permissions.
So, User2 alone will be prohibited from using control panel
1
0
YNYY
1
0
User 1 and user 2 are in the Group 1 , so they can’t
User 3 is in the filter of the GPO, so he can’t
User 4 is in the OU1 , so they can’t, where im wrong? :S
0
1
But user 4 is not in the filter of the GPO so he can, answer is correct i think
0
0
YNYY
70-410 exam ref:
Objective 6.1: Create Group Policy Objects
Although the name Group Policy Object implies that policies are linked directly to groups,
this is not the case. GPOs can be linked to sites, domains, and organizational units (OUs) to
apply settings to all users and computers within AD DS containers. However, an advanced
technique named security filtering enables you to apply GPO settings to one or more users
or groups within a container by selectively granting the Apply Group Policy and Read
permissions to one or more users or security groups.
0
0