HOTSPOT
Your network contains an Active Directory domain named contoso.com.
The domain contains an organizational unit (OU) named OU1 as shown in the OU1 exhibit. (Click the
Exhibit button.)
The membership of Group1 is shown in the Group1 exhibit. (Click the Exhibit button.)
You configure GPO1 to prohibit access to Control Panel. GPO1 is linked to OU1 as shown in the GPO1
exhibit. (Click the Exhibit button.)
Select Yes if the statement can be shown to be true based on the available information; otherwise
select No. Each correct selection is worth one point.

Explanation:
Group Policy does NOT APPLY TO SECURITY GROUPS, only users and computers in an OU.
Consequently, the only users in the OU are User2 and User4. Since the Security Filtering specifies
that the policy will only apply to users/computers in the OU who are members of Group1 or User3,
User4 will not have the policy applied. Since User2 is, in fact, a member of Group1, the policy will be
applied to User2. Thus, the only user who will not be able to access Control Panel is User2.
Why not NNNY?
1
0
No,No,No,Yes
1
0
OK, I found explanations:
user 1 isn’t in OU – GPO doesn’t apply to objects outside OU and to groups
– can access CP
user 2 resides in OU – GPO applies
– cannot access CP
user 3 isn’t in OU – GPO doesn’t apply to objects outside OU and to groups
– can access CP
user 4 – GPO Security Filtering doesn’t apply to user 4
There is a simple rule, if the object is in the OU listed in the GPO, and also listed in the security filtering (direct or in a group), then the GPO will apply.
As the “Authenticated Users” link was removed from the security filtering, and only “Group 1” and “User 3” were added to that filter, the security filter is what prevails here. So, “user3” doesn’t belong to “OU1”, so he can access control panel.
User 4 belongs to the OU1, but he is not included on the security filter (which is what prevails), so he can access control panel.
As GPOs can’t be applied to groups, even though User 1 is included in Group1 and Group 1 is included in the security filtering, in this case isn’t considered, because GPOs are not applied to groups, so User1 can access control panel.
The only user that is included in both OU1 and the security filtering is User2, so he’s the only one who is denied access to control panel.
I cannot test it, unfortunately. The answers are mixed, and perhaps also the test cases. Who knows the right answer? Some information links related to 2003 R2 systems.
“The settings in a GPO will apply only to users and computers that are contained in the domain, organizational unit, or organizational units to which the GPO is linked,
and that are specified in or are members of a group that is specified in Security Filtering.”
Therefore I go with: N-Y-N-N
https://technet.microsoft.com/en-us/library/cc752992.aspx
https://technet.microsoft.com/en-us/library/cc779291%28v=ws.10%29.aspx
0
0
ohaaa… Y-N-Y-Y… Sry
1
0
What is the real answer to this question? My answer is Y-Y-Y-N
0
0
Why not YNNY
User 1 not in the OU
User 2 is in the OU
User 3 is in the security filter
User 4 is not in the OU
0
0
So…I guess I am blind.
User 4 is in the OU.
User 1 is not in the OU but in the group which is in the security filter….so wouldn’t it be applied to that user
User 2 is in the OU It would apply there
User 3 in the security filter….so wouldn’t it apply there
user 4 in the OU.
NNNN??
0
0
I talked this through:
My final answer (for tonight)
Y
N
Y
Y
User 1: while they are in the group mentioned in the security filter, the group policy applies to users and computers, not groups
User 2 is in the OU and is a member of the group in the security filter
User 3 is not a member of the group and not a member of the OU
User 4 is in the OU but not a member of the group.
So I am in agreement with Nikita’s last comments
0
0
Although your answer for user 1 is correct, your definition is not 100% accurate.
Security Filter does apply to users, computers AND groups.
This must apply to groups, as by default, the authenticated users group is listed in the security filtering area.
The reason why User 1 does not have this policy applied is because user 1 is not in the OU.
0
0
Replicated in my lab. Answer is correct.
0
0
Answer is:
User1 – Yes
User2 – No
User3 – Yes
User4 – Yes
So the answer is correct.
0
0
Recreated the issue. YNYY
0
0
NNNY
Check under Security Filtering.
0
0
User 1 can access cpl – gp does not apply
User 2 CANNOT access cpl – GPO APPLIES
User 3 can access cpl – gp does not apply
User 4 can access cpl – gp does not apply
The only user a gpo will apply to is a user who resides in BOTH the OU that the gpo is applied to and the security filter settings of that particular gpo.
The caveat to this is the ou with which the gpo is applied must directly contain the user. What I mean by this is the user cannot just be a member of a group within an ou. If a user is a member of a group and a gpo is applied to an ou that contains this group the gpo is not applied to said user UNLESS the user is named specifically in the ou. As user 2 is in this scenario.
This is the opposite of the way the security filtering works in the actual gpo. If you specify a group within the security filtering section of a gpo the gpo applies to any user of that group as long as the user is named specifically in the ou that the gpo is applied to as mentioned in the previous paragraph.
This is a really good question; it helped me in my studies a lot.
0
0
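The scoping rule debated in this thread (a GPO reaches a user only when the user object itself sits under the linked OU and the user, directly or through a group, is listed in Security Filtering) can be modelled in a few lines. This is an added example, not part of any comment; the object locations and group memberships are assumptions taken from what the commenters describe, because the exhibits are not reproduced on the page, and the DNs outside OU1 are placeholders. It goes slightly beyond the question by also handling nested groups and child OUs.

```python
# Added example: models GPO scoping for the scenario described in the thread.
LINKED_OU = "OU=OU1,DC=contoso,DC=com"

# Constructed directory data; locations outside OU1 are hypothetical.
USERS = {
    "User1": "CN=User1,CN=Users,DC=contoso,DC=com",
    "User2": "CN=User2,OU=OU1,DC=contoso,DC=com",
    "User3": "CN=User3,CN=Users,DC=contoso,DC=com",
    "User4": "CN=User4,OU=OU1,DC=contoso,DC=com",
}
GROUP_MEMBERS = {"Group1": {"User1", "User2"}}
SECURITY_FILTER = {"Group1", "User3"}  # "Authenticated Users" was removed


def in_linked_container(dn, container_dn):
    """True if the object sits in the container or in a child OU below it."""
    parent = dn.split(",", 1)[1].lower() if "," in dn else ""
    container = container_dn.lower()
    return parent == container or parent.endswith("," + container)


def effective_principals(user, group_members):
    """The user plus every group reached by direct or nested membership."""
    found = {user}
    changed = True
    while changed:
        changed = False
        for group, members in group_members.items():
            if group not in found and members & found:
                found.add(group)
                changed = True
    return found


def gpo_applies(user, users=USERS, group_members=GROUP_MEMBERS,
                security_filter=SECURITY_FILTER, linked_ou=LINKED_OU):
    # Scope is decided by where the user object lives, never by where a
    # group the user belongs to lives; the filter then narrows that scope.
    in_scope = in_linked_container(users[user], linked_ou)
    filtered_in = bool(effective_principals(user, group_members) & security_filter)
    return in_scope and filtered_in


def control_panel_answers():
    """'Yes' means the user can still open Control Panel (GPO1 not applied)."""
    return {u: ("No" if gpo_applies(u) else "Yes") for u in sorted(USERS)}


if __name__ == "__main__":
    print(control_panel_answers())
```

On a real domain the same two conditions are what `gpresult /r` reports per user as applied or filtered-out GPOs.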
Group Policy does NOT APPLY TO SECURITY GROUPS, only users, and computers IN an OU. Consequently, the only users in the OU are User2 and User4. Since the Security Filtering specifies that the policy will only apply to users/computers in the OU who are members of Group1 or User3, User4 will not have the policy applied. Since User2 is, in fact, a member of Group1, the policy will be applied to user 2. Thus, the only user who will not be able to access the control panel is User2. Same with User 3, he is not a member in any OU and as long as this group policy does NOT apply to users, so User 3 will have access to control panel as well. So the correct answer is YNYY
0
0