Your network contains an Active Directory domain named contoso.com.
All user accounts for the marketing department reside in an organizational unit (OU) named
OU1. All user accounts for the finance department reside in an organizational unit (OU)
named OU2.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU2. You
configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the
desktop.
You discover that when a user signs in, the Link1 is not added to the desktop.
You need to ensure that when a user signs in, Link1 is added to the desktop.
What should you do?
A.
Enforce GPO1.
B.
Enable loopback processing in GPO1.
C.
Modify the Link1 shortcut preference of GPO1.
D.
Modify the Security Filtering settings of GPO1.
Explanation:
Security filtering is a way of refining which users and computers will receive and apply the
settings in a Group Policy object (GPO). Using security filtering, you can specify that only
certain security principals within a container where the GPO is linked apply the GPO.
Security group filtering determines whether the GPO as a whole applies to groups, users, or
computers; it cannot be used selectively on different settings within a GPO.
I would say Enforce GPO1
0
1
Yep, A is the right answer.
0
1
No. It applies last.
0
1
it’s C.
http://blogs.technet.com/b/grouppolicy/archive/2009/11/02/group-policy-preferences-colorful-and-mysteriously-powerful-just-like-windows-7.aspx
1
0
D is the correct answer.
The GPO1 is added to OU2, but there are also users in OU1. So you need to use security filtering in GP to add other Users/Groups.
Also and perhaps Microsoft needs to change the question: When you add a GPO the Authenticated Users group is added, when you remove this group in GPMC as a security issue the GPO will not work for anyone in the OU.
If you ask me, the question is incomplete but I would go for D
0
0
the question does not state that anything concerning the GPO security settings was modified after creating the GPO, for me it looks like they wanna point out that the shortcut was created without choosing a shortcut preference that works!
so I’d go for C (assuming we are talking about users in OU2 😉 )
2
0
A: Only needs to be enforced if there is another GPO applied later which reverses this setting. In this case, it looks like the GPO1 is in the same OU as the user. If there was an enforced parent GPO which reversed this change, enforcing GPO1 will not help.
B. This is a user setting. Loopback processing wont help.
C. Maybe the administrator messed up a setting and it needs to be modified again?
D. By default, the users should have read and apply policy so unless someone messed with this setting…
tl;dr this is a terrible question
1
0
yes, this question is missing critical information.
0
0
this question is rediculous.
0
0
D or C
but this time my vote goes to D 🙂
0
0
For sure C
Question is with a catch:), I tested on my own lab.
Marketing users -> OU1
Finanse users ->OU2 <-GPO1 (linked)
Why not D:
in GPO1 in Security filtering if you put Marketing users from OU1, they won't get shortcut, because GPO is not linked there.
1
0
when I read accurately, I see a red herring (OU1) and miss information on which user isn’t getting the link1.
If the user is in OU2 then A could be right as well as C (and D)
If user is in OU1 then action shoud be taken if he did get link1.
Or is my English that poor?
0
0
A and B are incorrect those features will not help this situation.
It could be C but it mentions the preference is configured. (so you can assume this is setup correctly)
I think D is correct, the questions doesn’t mention what security is applied to the GPO. You would need to either configure the security to apply to authenticated users (which is default) or to a security group containing the finance users. (The question doesn’t say it needs to apply to Marketing and the GPO is linked in the wrong place if this was the case).
0
0
Definitely agree with Adam’s comment, this is a terrible question: if the user is in the Marketing department (OU1), then none of the answers will help. Modifying the Security Filtering settings of GPO1 will not help applying it to users outside OU2.
I’d go for C, assuming that the “Action” field of the shortcut Group Policy Preference need to be changed.
1
0
Answer is C if we make some assumptions because this question is not complete. If user is from finance and it is not applying then it would mean something is wrong with the security filter. Perhaps authenticated users were removed so no one in finance would get the policy.
0
0
I meant to say D.
1
0
My assumption is that the user logging in here is in the other OU, so need to link it to the other OU, so C would be my choice.
there is no mention of security filtering being changed from default, so do not add additional info to the question…
taking the facts from this question
we have users in OU1, we have users in OU2, I create and link a GPO to OU2
“A” user logs in and doesn’t get the setting, why is this…
only logical reason can be “A” user is located in OU1??
Answer C is the only one where assumptions are not made…
Answer A – enforcing a GPO isn’t the best option here
Answer B – Loopback processing isn’t going to help
Answer D – No mention of changing the default Security, if we didn’t want “A” user to have the link, I might agree that this is the answer, but problem is that “A” user doesn’t get the link.
the biggest thing missing from this question is which department the user is in!
0
0
in fact, scratch my last answer…link preference, not where linked…so now I go back to this is a crap question lol
0
0
Do the research folks…
https://msdn.microsoft.com/en-us/library/cc733022.aspx
“You can use item-level targeting to change the scope of individual preference items, so they apply only to selected users or computers. Within a single Group Policy object (GPO), you can include multiple preference items, each customized for selected users or computers and each targeted to apply settings only to the relevant users or computers.”
In the question it states that ‘Preferences of GPO1’… two short cuts Link1 and Link2…
Link1 should be targeted to Marketing and Link2 to HR.
Therefore…
Item-Level targeting.
0
3
lol, where does it state there are two shortcuts?
read the questions mate!
0
0
I can’t see why so many people are assuming that users in OU1 shoud see the shortcut. They should not, as the GPO is not linked to their OU.
The issue here is users in *OU2* not having the shortcut, possibly because of a misconfiguration. The questions is asking us to check what is causing the issue.
The only possibile setting that can prevent users in OU2 from having the shortcut is Security Filtering filtering them off.
It’s D definitely.
1
0
Answer is D
Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can
specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a
whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO.
0
0
By default, when you create a GPO the security filtering has “Authenticated users” on it, so you wouldn’t need to change it since the GPO is applied to that OU.
The only option here is C, maybe someone didn’t configure the action of the link.
0
0
Very bad question … missed informations :
A – Wrong : there no other enforced GPO on any OU
B – Wrong : Useless
C – Possible good: it means administrateur has done mistake on the rule configuration
D – Possible good: it means administrateur has done mistake on the GPO security modification
0
0
A,B,C,D in some magical way, can help to solve the problem with user in OU2.
But not one of the options does not allow to create a shortcut for users in OU1
0
0
Usually posts some pretty exciting stuff like this. If you are new to this site.
0
1
we like to honor quite a few other internet web pages on the net, even if they arent linked to us, by linking to them. Beneath are some webpages worth checking out
0
2
we came across a cool web-site that you just may possibly enjoy. Take a appear for those who want
0
2
we like to honor quite a few other world-wide-web web sites on the internet, even when they arent linked to us, by linking to them. Below are some webpages worth checking out
0
2
we like to honor lots of other world wide web internet sites around the internet, even when they arent linked to us, by linking to them. Beneath are some webpages really worth checking out
0
2
we like to honor lots of other internet web sites on the net, even when they arent linked to us, by linking to them. Below are some webpages worth checking out
0
1
below you will discover the link to some web sites that we believe you ought to visit
0
2
we like to honor many other net web pages around the internet, even though they arent linked to us, by linking to them. Below are some webpages worth checking out
0
2
The information mentioned in the write-up are some of the most beneficial out there
0
2
below youll find the link to some web-sites that we think you need to visit
0
2
check beneath, are some completely unrelated sites to ours, nonetheless, they are most trustworthy sources that we use
0
1
Sites of interest we have a link to
0
2
below youll discover the link to some web sites that we believe you need to visit
0
2
Every as soon as in a although we opt for blogs that we read. Listed below are the most up-to-date web pages that we decide on
0
2
that is the finish of this report. Right here youll obtain some web-sites that we assume youll enjoy, just click the links over
0
2
D was the answer that was marked right on a test I took on e-careers website (tech.e-careers.com).
0
0