8.1.13 Practice Questions
Which of the following do you need in order to install the Group Policy Management Tools? (Select three.)
A server management VM that's joined to the managed domain An Azure AD DS managed domain An Azure Active Directory tenant
You have created a group policy that prevents users in the accounting department from accessing records in a database that has confidential information. The group policy is configured to disable the search function for all users in the Accounting OU no matter which workstation is being used. After you configure and test the policy, you learn that several people in the Accounting OU have valid reasons for using the search function. These users are part of a security group named Managers. What can you do to prevent the Group Policy object (GPO) that you have configured from applying to members of the Managers group?
Add the Managers group to the GPO's discretionary access control list (DACL). Deny the apply Group Policy and read permissions to the Managers group.
You are the security administrator for a large metropolitan school district. You are reviewing security standards with the network administrators for the high school. The school's computer center has workstations for anyone's use. All computers in the computer center are members of the Computer Center Computers global group. All workstations are currently located in the Computers container. The computer center computers have access to the internet so users can perform research. Any user who uses these computers should be able to run Internet Explorer only. Other computers in the high school should not be affected. To address this security concern, you create a Group Policy object (GPO) named Computer Center Security. How can you configure and apply this GPO to enforce the computer center's security?
Configure the Computer Configuration node of the Computer Center Security GPO to restrict software to Internet Explorer only. Link the GPO to the domain and allow access to the Computer Center Computers group only.
You are the administrator for the widgets.com domain. Organizational Units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. From your workstation, you create a GPO that configures settings from a custom .admx file. You link the GPO to the Sales OU. You need to make some modifications to the GPO settings from the server console. However, when you open the GPO, the custom administrative template settings are not shown. What should you do?
Enable the Administrative Templates central store in Active Directory. Copy the .admx file to the central store location.
Which tool can be used to customize existing GPOs or to create custom GPOs?
Group Policy Management Editor
What is the order of precedence for group policy processing?
Local group policy, Site policy, Domain policy, OU policy
You are the administrator for a network with a single Active Directory domain named widgets.local. The widgets.local domain has an organizational unit object for each major department in the company, including the Information Systems department. User objects are located in their respective departmental OUs. Users who are members of the Domain Admins group belong to the Information Systems department. However, not all employees in the Information Systems department are members of the Domain Admins group. To simplify employees' computing environment and prevent problems, you link a Group Policy object (GPO) to the widgets.local domain that disables the control panel for users. How can you prevent this Group Policy object from applying to members of the Domain Admins group?
On the Group Policy object's access control list, deny the apply Group Policy permission for members of the Domain Admins group.
You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. You would like to configure all computers in the Sales OU to prevent the installation of unsigned drivers. Which GPO category would you edit to make the necessary changes?
Security Options
You are the administrator for the widgets.com domain. Organizational units (OUs) have been created for each company department. User and computer accounts for each department have been moved into their respective departmental OUs. You have two OUs that contain temporary users, TempSales and TempMarketing. For all users within these OUs, you want to restrict what the users are able to do. For example, you want to prevent them from shutting down the system or accessing computers through a network connection. Which GPO category would you edit to make the necessary changes?
User Rights
Which command should you enter at the command line to directly access the local Group Policy snap-in?
gpedit