Active Directory Ch-06

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Not Configured, Enabled, and Disabled.

A policy setting can have one of three states:

operating system installation

Remote Installation Services (RIS) policies control the behavior of a remote ______, using RIS.

16

Security settings are reapplied every ______ hrs even if a GPO has not changed.

HKEY_LOCAL_MACHINE (HKLM)

Settings in the Administrative Templates in the Computer Configuration node modify registry values in the ______ key.

HKEY_CURRENT_USER (HKCU)

Settings in the Administrative Templates node in the User Configuration node modify registry values in the ______ key.

filtered or targeted

Settings that are configured by GP Preferences within a GPO can be ______, or ______, based on several criteria.

1. You can copy and paste entire GPOs in the GPO container of the GPMC so that you have a new GPO with all the settings of the source GPO. 2. To transfer settings between GPOs in different domains or forests, right-click a GPO and choose Back Up. In the target domain, create a new GPO, right-click it, and choose Import Settings to import the settings of the backed-up GPO.

There are two other ways to copy settings from one GPO into another, new GPO:

tattooing

This is often called _____ the registry—making a permanent change.

inherited

The default behavior of GP is that GPOs linked to a higher-level container are ______ by lower-level containers.

1. A centralized definition of a change or setting. 2. A definition of the users or PCs to whom the change applies, called the scope of the change. 3. A mechanism that ensures that the setting is applied to users and PCs within the scope.

The key elements of configuration management are:

%SystemRoot%\System32\GroupPolicy

The local GPO exists whether or not the PC is part of a domain, workgroup, or non-networked environment and is stored in ______.

policy

The most granular component of GP is an individual ______ setting that defines a specific configuration change to apply.

not installed

The software extension, for example, is configured to forgo policy processing so that software is ______ if a slow link is detected.

GPT.ini

The version number is stored as an attribute of the GPC and in a text file, ______, in the GPT folder.

%SystemRoot%\PolicyDefinitions

To add ADMX/ADML administrative templates to the GPME, copy the ADMX file into the ______ folder on your client, or in the central store.

Win Server 2008, Win Server 2008 R2, and Win 7.

To apply preferences, systems require the preferences CSEs, which are included with Windows ______.

Create a folder called PolicyDefinitions in the \\fqdn\SYSVOL\fqdn\Policies path, where fqdn is the AD DS domain name.

To create a central store:

Default Domain Policy and Default Domain Controllers Policy

When AD DS is installed, two default GPOs are created:

Enforced

When a GPO link is set to ______, the GPO takes the highest level of precedence; policy settings in that GPO prevail over any conflicting policy settings in other GPOs.

Group Policy Client

When a Group Policy refresh begins, a service running on all Windows systems (called the ______) determines which GPOs apply to the computer or user.

logoff, shutdown

When a computer is shut down, the CSE first processes ______ scripts, followed by ______ scripts.

top to bottom

When you assign multiple logon/logoff or startup/shutdown scripts to a user or computer, the Scripts CSE executes the scripts from ______.

access control list (ACL)

When you paste a GPO, you have the option to copy the ______ from the original GPO, which preserves the security filtering, or to use the default ACL for new GPOs in the target domain.

1. Copy 2. Back Up 3. Restore From Backup 4. Import Settings 5. Save Report 6. Delete 7. Rename

When you right-click a GPO in the GPMC, you are presented with a menu of seven useful management commands:

Group Policy Preferences.

Win Server 2008 introduced a new component of GP: ______.

multiple

Win Vista and Win Server 2008 and later systems have ______ local GPO(s).

HKLM\Software\Policies (computer settings) HKCU\Software\Policies (user settings) HKLM\Software\Microsoft\Windows\Current Version\Policies (computer settings) HKCU\Software\Microsoft\Windows\Current Version\Policies (user settings)

With regard to managed policy settings, changes are made in one of four keys in the registry reserved for managed policy settings:

Create A GPO In This Domain And Link It Here

You can also create and link a GPO with a single step: right-click a site, domain, or OU, and then click ______.

GPUpdate

You can also force a policy refresh by using the ______ command.

prepopulated with a copy

You can create a new GPO from a starter GPO, in which case the new GPO is ______ of the settings in the starter GPO.

security and Windows Management Instrumentation (WMI) filters.

You can further narrow the scope of the GPO with one of two types of filters:

Group Policy Management Console (GPMC)

You can manage GPOs in AD by using the ______.

Preferences

You can use ______ to prevent USB hard drives, including personal media players, from being connected to computers.

ActiveX

You can use any ______ scripting language to write scripts.

GPO link

You can use several methods to manage the scope of GPOs. The first is the ______.

GP Management Editor (GPME), PowerShell

You configure policy settings by using the ______, or by using Windows ______.

Resultant Set Of Policy (RSOP)

You must be able to understand and evaluate the ______, which determines the settings that are applied by a client when the settings are configured divergently in more than one GPO.

Security

______ filters specify global security groups to which the GPO should or should not apply.

Windows Management Instrumentation (WMI)

______ filters that specify a scope, by using characteristics of a system such as OS version or free disk space.

Configuration management

______ is a centralized approach to applying one or more changes to one or more users or computers.

Group Policy (GP)

______ is a framework within Windows that allows you to centrally manage configuration in an AD DS domain.

Central Store

______ is a single folder in SYSVOL that holds all the ADMX and ADML files that are required.

Group Policy Software Installation (GPSI)

______ is supported by the software installation CSE. You can configure a GPO to install one or more software packages.

Targeted

______ preferences allow you to further refine the scope of Preferences within a single GPO.

language-and-region-specific

Copy the ADML file into the ______ subfolder, such as en-us, of %SystemRoot%\PolicyDefinitions on your client, or in the central store.

take effect

If a policy setting is not configured in a GPO with higher precedence, the policy setting (either enabled or disabled) in a GPO with lower precedence will ______.

it performs a GP refresh to obtain the latest GPOs from the domain.

If a remote user connects to the network, the GP Client determines whether a GP refresh window has been missed. If so, what does the client do?

Win Server 2008 or later

If all DCs are running ______, you can configure SYSVOL replication to use DFS-R, a much more efficient and robust mechanism.

persistent in the registry

In contrast, an unmanaged policy setting makes a change that is ______.

Remote Installation Services, Folder Redirection, and Internet Explorer Maintenance

In the User Configuration node only, the Windows Settings folder contains the additional ______ nodes.

20 CSEs

Introduced in Win Server 2008 and Win Vista, preferences provide more than ______ to help you manage an incredible number of additional settings.

right-click the domain or OU in the GPME and choose Block Inheritance

A domain or OU can be configured to prevent the inheritance of policy settings. To block inheritance, do the following:

1. The user interface (UI) is locked so a user cannot change the setting. 2. Changes are made in one of four keys in the registry reserved for managed policy settings: 3. Changes made by a GP setting, and the UI lockout, are "released" if the user or computer falls out of scope of the GPO.

A managed policy setting has the following characteristics:

system startup and every 90 to 120

Policy settings in the Computer Configuration node are applied at ______ and every ______ minutes thereafter.

enforced

A GPO link that is ______ applies to child containers even when those containers are set to Block Inheritance.

overrides

A GPO that is applied later in the process ______ settings applied earlier in the process.

precedence

A GPO with higher ______ prevails over a GPO with lower ______.

GPO

A ______ is an object that contains one or more policy settings and thereby applies one or more configuration settings for a user or computer.

all administrative templates

After you have set up Central Store, the GPME recognizes it and loads ______ from Central Store instead of from the local computer.

administrative template

An ______ is a text file that specifies the registry change to be made and that generates the user interface to configure these template's policy settings in the GPME.

Windows Server 2008

Another GP feature introduced in ______ is starter GPOs.

500

By default, a link is considered slow if it is less than ______ kilobits per second (kbps).

lower

By default, inherited GPOs have ______ precedence than GPOs linked directly to the container.

create

By default, the Domain Admins group and the GP Creator Owners group are delegated the ability to ______ GPOs.

GPME

By default, the ______ hides unmanaged policy settings to discourage you from implementing a configuration that is difficult to revert.

10

By default, the timeout value for processing scripts is ______ minutes.

version number

By default, when GP refresh occurs, the CSEs apply settings in a GPO only if the GPO has been updated. The GP Client can identify an updated GPO by its ______.

one

Computers running Win 2000, Win XP, and Win Server 2003 each have ______ local GPO(s), which can manage configuration of that system.

scoping a GPO

Configuration changes in a GPO do not affect PCs or users in your enterprise until you have specified the PCs or users to which the GPO applies. This is called ______.

Every 90 to 120 minutes, the GP Client service determines which GPOs are scoped to the user or PC and downloads any GPOs that have been updated, based on the GPOs' version numbers. CSEs process the policies in the GPOs according to their policy processing configuration. By default, most CSEs apply policy settings only if a GPO has been updated. Some CSEs also do not apply settings if a slow link is detected.

Describe the default GP processing behavior, including refresh intervals and CSE application of policy settings.

PDC emulator

Connecting to the ______ reduces the possibility that a GPO might be changed on two different domain controllers.

downloaded from the Microsoft Download Center.

Preferences CSEs for Win XP, Win Server 2003, and Win Vista can be acquired from where?

Files and folders Shortcuts Printers Scheduled tasks Network connections

Preferences also helps you deploy the following:

version number

Each GPO has a ______ that is incremented each time a change is made.

Administrators and Non-Administrators.

In Win Vista and Win Server 2008 and later, the user settings in the Local Computer GPO can be modified by the user settings in two new local GPOs: ______.

registry-based

In both the Computer Configuration and User Configuration nodes, the Administrative Templates node contains ______ GP settings.

Scripts, Security Settings, and Policy-Based QoS nodes

In both the Computer Configuration and User Configuration nodes, the Policies node contains a Windows Settings node that includes the ______.

user data and settings folders

Folder Redirection allows you to redirect ______ and ______ from their default user profile location to an alternate location on the network, where they can be centrally managed and accessed.

client-side extensions (CSEs)

GP Client downloads any GPOs that it does not already have cached. Then a series of processes called ______ do the work of interpreting the settings in a GPO and making appropriate changes to the local computer or the currently logged-on user.

GP Container (GPC) and GP Template (GPT)

GP settings are presented as GPOs in AD user interface tools, but a GPO is actually two components: ______.

sites, domains, and OUs in AD

GPOs can be linked to ______.

%SystemRoot%\SYSVOL\domain\Policies\ PolicyDefinitions.

If you are logging on to a DC, locally or by using RDP, the local path to the PolicyDefinitions folder is ______.

client, push

One of the more important concepts to remember about GP is that it is ______ driven. GP is not a ______ technology.

site, followed by those linked to the domain, followed by those linked to OUs

Policies are applied sequentially, beginning with the policies linked to the ______—from the top-level OU down to the OU in which the user or computer object exists.

Administrative Templates

Policies in the ______ node make changes to the registry.

Group Policy object (GPO)

Policy settings are defined and exist within a ______.

auditing

The Default Domain Controllers GPO should be modified to implement your ______ policies.

pulls the GPOs

The GP Client ______ from the domain, triggering the CSEs to apply settings locally.

CSEs

The GP Client knows the version number of each GPO it has previously applied. If it discovers that the version number of the GPC has been changed, the ______ are informed that the GPO is updated.

settings

The GPC defines basic attributes of the GPO, but it does not contain any of the ______. The settings are contained in the GPT.

Directory Replication Agent (DRA)

The GPC in AD is replicated by the ______, using a topology generated by the Knowledge Consistency Checker (KCC) that can be refined or defined manually.

The File Replication Service (FRS) or the Distributed File System Replication (DFS-R)

The GPT in the SYSVOL is replicated by using one of two technologies.

%SystemRoot%\SYSVOL\Domain\Policies\GPOGUID

The GPT, a collection of files stored in the SYSVOL of each DC in the ______ path, where GPOGUID is the GUID of the GPC.

startup/shutdown and logon/logoff

The Scripts extension allows you to specify two types of scripts: ______ (in the Computer Configuration node) and ______ (in the User Configuration node).

Security Settings

The ______ node allows a security administrator to configure security by using GPOs.

Policy-Based QoS

The ______ node defines policies that manage network traffic.

Edit

To edit a GPO, right-click the GPO in the Group Policy Objects container and choose ______.

Environment variables Applications such as Microsoft Office Mapped drives Registry settings Power options Folder options Regional options Start menu options

Underneath both Computer Configuration and User Configuration is a Preferences node that includes:

logon and every 90 to 120

User Configuration policy settings are applied at ______ and every ______ minutes thereafter.

Right-click Sites in the GPMC console tree and choose Show Sites.

What must you do to show sites in the GPMC?


Set pelajaran terkait

Art History Final (Chapters 19-24)

View Set

Independence of India and Pakistan

View Set

Bio Lab chapter 26 Sponges and Cnidarians

View Set

Principles of Management - Final - Belmont

View Set

Test Questions Chapter 22, 27, 28 Med Surg

View Set

Kinn's Administrative Medical Assistant Chapter 12 Study Guide

View Set