Your network contains a single Active Directory domain named contoso.com. The domain contains an Active
Directory site named Site1 and an organizational unit (OU) named OU1. The domain contains a client
computer named Client1 that is located in OU1 and Site1. You create five Group Policy objects (GPO). The
GPOs are configured as shown in the following table.
You need to identify in which order the GPOs will be applied to Client1. In which order should you arrange the
listed GPOs? To answer, move all GPOs from the listof GPOs to the answer area and arrange them in the
correct order.
Select and Place:
Answer: 
Explanation:
The GPO apply to a client computer in the method of L,S,D,Ou sequence where L is Local Policy, S is Site Policy, D is Domain Policy and Ou is the Organizational Policy. In this question we see enforcement of GPO enabled and disabled, all that means is to ignore the block inheritance on any lower hierarchy structure in the LSDOu schema. There is no indication in this question whether there is a block inheritance or not. So we that in mind and assuming the GPO are link in the order specified in the question, the GPOs should apply as follow:
Local Policy: None
Site Policy: GPO3
Domain Policy: GPO1 then GPO2
OU Policy: GPO4 then GPO5
So the response should be:
GPO3
GPO1
GPO2
GPO4
GPO5
http://technet.microsoft.com/en-us/library/cc785665(v=ws.10).aspx
1
0
Fausto is not completely correct.
An enforced GPO will override the precedence. So, if I enforce a GPO on domain level its precedence is 1 in the OU, even if there is an enforced GPO on OU level.
Or to make it short, enforcing will reverse the sequence from S > D > O to O > D > S.
My answer to the question above:
GPO1 > Domain (lowest prio)
GPO4 > OU
GPO5 > OU > enforced
GPO2 > domain > enforced
GPO3 > Site > enforced (higest prio)
So, the answer in the screenshot is correct.
http://itfreetraining.com/70-640/gp-enforce-block/
2
0
You are Right. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc757050%28v%3dws.10%29
0
0
It should be :
GPO03 – Site level has more prio than domain level
GPO02 – domain level, but this one is enforced
GPO01 – domain level, but not enforced
GPO05 – OU level, but enforced
GPO04 – OU leven, but not enforced
0
0
I was wrong, I agree with xxx
0
0
I created this in my environment exactly as described in the question.
I ran gpresult /r on a PC that was in OU1:
GPO3 (site level, enforced)
GPO2 (domain level, enforced)
GPO5 (OU level, enforced)
GPO4 (OU level, not enforced)
GPO1 (domain level, not enforced)
0
0
…the order in GPRESULT results – the order of precedence is shown top to bottom. The top GPO takes precedence and will be the GPO that wins.
http://blogs.msdn.com/b/muaddib/archive/2012/08/22/determine-gpo-precedence-with-gpmc-gpresult.aspx
0
0
None of these answers are correct per my understanding. The question says that “site” GPO isn’t enforced. Shyfox above is the most correct with the exception of the question isn’t enforcing the site settings. The correct answer should be site first, because of the default application of GPOs (L,S,D,O). Then the unenforced settings would be applied, first by domain, then OU. Lastly, the enforced settings would be applied, first by OU, then domain, because the forced domain settings would not be overwritten by the forced OU settings. Correct answer, IMO, is S,D (unenforced), O (unenforced), O (enforced), D (enforced).
0
0
The question speaks about the orde of the GPO’s beeing applyed, not what setting will be applied. So it should be 3 – 1 – 2 – 4 – 5. Fausto is correct
0
0
xxx is correct
In the screenshot, you can see that the order of precedence is actually reversed from what you would expect (where the GPO closest to the client object is applied last). Instead, these rules apply:
1.GPOs without enforcement set are applied first, using the normal precedence rules
2.GPOs with enforcement set are applied last, with their precedence rules reversed
http://blogs.technet.com/b/musings_of_a_technical_tam/archive/2012/02/15/understanding-the-structure-of-a-group-policy-object-part-2.aspx
0
0
Starts normally with non-enforced GPOs
domain ->OU
GPO1
GPO4
then in reverse order with enforced GPOs
OU->D->S
GPO5
GPO2
GPO3
0
0
Order of processing settings
This section provides details about the order in which Group Policy settings for users and computers are processed. For information about where the processing of policy settings fits into the framework of computer startup and user logon, see steps 3 and 8 in Startup and logon, in this topic.
Group Policy settings are processed in the following order:
Local Group Policy object—Each computer has exactly one Group Policy object that is stored locally. This processes for both computer and user Group Policy processing.
Site—Any GPOs that have been linked to the site that the computer belongs to are processed next. Processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab for the site in Group Policy Management Console (GPMC). The GPO with the lowest link order is processed last, and therefore has the highest precedence.
Domain—Processing of multiple domain-linked GPOs is in the order specified by the administrator, on the Linked Group Policy Objects tab for the domain in GPMC. The GPO with the lowest link order is processed last, and therefore has the highest precedence.
Organizational units—GPOs that are linked to the organizational unit that is highest in the Active Directory hierarchy are processed first, then GPOs that are linked to its child organizational unit, and so on. Finally, the GPOs that are linked to the organizational unit that contains the user or computer are processed.
At the level of each organizational unit in the Active Directory hierarchy, one, many, or no GPOs can be linked. If several GPOs are linked to an organizational unit, their processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab for the organizational unit in GPMC. The GPO with the lowest link order is processed last, and therefore has the highest precedence.
0
0
1
4
3
2
5
is the right one
0
0
Here is my understanding: If following the rule of last write wins (LWW) and process this in that order top to bottom:
GPO1 Domain *un-enforced
GPO4 OU1 *un-enforced
GP05 OU1 #enforced
GPO2 Domain #enforced
GPO3 Site #enforced
That is Un-enforced processing order is L/S/D/Ou
That is Enforced processing order is Ou/D/S
All with the understanding that its LWW (or last policy standing up).
0
0
1.GPOs without enforcement set are applied first, using the normal precedence rules
2.GPOs with enforcement set are applied last, with their precedence rules reversed
0
0
http://blogs.technet.com/b/musings_of_a_technical_tam/archive/2012/02/15/understanding-the-structure-of-a-group-policy-object-part-2.aspx
0
0
today i have my 70-411 exam at 11 am …, i prepared these dumps .., i hope that dumbs won’t be changing .., if their is a possibility for changes in dumps please report me as soon as possible my mail id is ( wishnew278@gmail.com)
0
0
How was on exam? Passed with success?
0
0
xxx and Mark are 100% correct (see their explanation):
1
4
5
2
3
0
0
AS is correct. If you read 1/3 of the way down the following page it will make sense.
https://technet.microsoft.com/en-us/library/dn581922(v=ws.11).aspx
0
0
All Seems wrong.. this is the correct answer
As I read here and tested in my network
https://blogs.technet.microsoft.com/musings_of_a_technical_tam/2012/02/15/group-policy-basics-part-2-understanding-which-gpos-to-apply/
The Apply order will be as the following
– Site
– Domain (NOT enforced)
– OU (Not Enforced)
– OU (ENFORCED)
– Domain (Enforced)
To Confirm read the artical I add and search for “Second, if you have multiple enforced policies the one higher up the OU”
0
0