CNA 234 | Ch.4, Configuring Group Policies

Ace your homework & exams now with Quizwiz!

ADMX central store

A centralized location for maintaining ADMX files so that when an ADMX file is modified from one domain controller, all DCs receive the updated file.

Group Policy Template (GPT) Group Policy Container (GPC)

A domain GPO is represented by an Active Directory object, but it's composed of two separate parts. What are those parts?

Item-level targeting

A feature of Group Policy preferences that allows an administrator to target specific users or computers based on specified criteria.

Group Policy preferences

A feature of Group Policy that enables administrators to setup a baseline computing environment, while still allowing users to make changes to configured settings.

Batch file

A script that consists of a series of commands saved in a file with a .bat extension.

Script

A series of commands saved in a text file to be repeated easily at any time.

Unmanaged policy setting

A type of group policy setting that persists on the user or computer account, meaning that it remains even after the computer or user object falls out of the GPO's scope.

Managed policy setting

A type of group policy setting whereby the setting on the user or computer account reverts to its original state when the object is no longer in the scope of the GPO containing the setting.

.adml

Admx files can also have an _____ extension, which provides a language-specific user interface in the Group Policy Management Editor.

GPO

An object containing policy settings that affect user and computer operating environments and security.

remote differential compression (RDC)

Distributed File System Replication (DSFR) uses an algorithm called ___, in which only data blocks that have changed are compressed and transferred across the network.

globally unique identifier (GUID)

Each GPO is assigned a ____, a 128-bit value represented by 32 hexadecimal digits.

Domain GPOs

Group Policy Objects are stored in Active Directory on domain controllers. They can be linked to a site, a domain, or an OU and affect users and computers whose accounts are stored in these containers.

Every 90 minutes

How often are Computer Configuration preferences refreshed?

True

True or False? Folder redirection applies strictly to user accounts and is found only under the User Configuration node in Policies, Windows Settings, Folder Redirection.

True

True or False? Local GPOs are not available in versions of Windows prior to Vista.

D. Desktop

Which of the following is a subfolder in the User Configuration node but not the Computer Configuration node of a GPO? A. Network B. Windows Components C. System D. Desktop

A. Administrative templates

Which of the following is best described as policy definition files saved in XML format? A. Administrative templates B. Security templates C. Group Policy objects D. Group Policy templates

auditpol /clear

what command-line command can be used to clear all audit policy subcategories so that auditing is controlled only by Group Policy?

Machine

what folder contains subfolders that store policy settings related to the Computer Configuration node?

Group Policy Container (GPC)

A GPO Component that stores GPO properties and status information but no actual policy settings.

Starter GPO

A GPO template that can be used as a baseline for creating new GPOs much like user account templates.

Folder redirection

A Group Policy feature that allows an administrator to set policies that redirect one or more folders in a user's profile directory.

Local GPOs

A Group Policy object that's stored on local computers and can be edited by the Group Policy Object Editor snap-in.

Microsoft Software Installation (MSI) file

A collection of files gathered into a package with an .msi extension that contain the instructions that Windows Installer needs to install an application.

Elevation

A process that occurs when a user attempts to perform an action requiring administrative rights and is prompted to enter credentials.

C. Verify that DFSR is operating correctly.

All your domain controllers are running Windows Server 2016. You're noticing problems with GPT replication. What should you do? A. Verify that Active Directory replication is working correctly. B. Verify that FRS is operating correctly. C. Verify that DFSR is operating correctly. D. Check the GPOReplication flag for the GPT in the Attribute Editor.

[filename].exe /extract

An MSI file can at times be extracted from a .exe file with what command prompt command?

All Settings

An additional node under Administrative Templates called ___________ displays all Administrative Template settings and can be sorted in alphabetical order.

auditpol.exe

Certain events, such as logons and directory service access, are audited by default and can be changed only using what command-line tool?

HKEY_LOCAL_MACHINE

Settings in Administrative Templates have an affect on which Registry Key?

HKEY_LOCAL_USER

Settings in the User Configuration node have an affect on which Registry key?

Security templates

Test files with an .inf extension that contains information for defining policy settings in the Computer Configuration\Policies\Windows Settings\Security Settings node of a local or domain GPO.

Group Policy Template (GPT)

The component of a GPO that contains all the policy settings and related files, such as scripts.

PolicyDefinitions

The first step to creating a central ADMX store, is to create a folder named ________________ in the same folder that GPTs are stored.

Group Policy Management Console (GPMC) Group Policy Management Editor (GPME)

The main tools for managing, creating and editing GPOS are the ____ and the ____.

13

There are __ folders you can redirect.

GPT.ini

This file contains the version number used to determine when a GPO has been modified.

Group Policy Preferences Client Side Extensions (GPP CSE)

This package must be installed in order for computers to recognize and download settings in the Preferences folder when processing group policies.

False. DFSR is the more efficient and reliable replication method.

True or False? Between File Replication Service (FRS) and Distributed File System Replication (DFRS), FRS is the more efficient and reliable replication method.

False. Filters work only with settings in the Administrative Templates folders.

True or False? Filters work only with settings in the Windows Settings folders; you can't filter settings in the Software Settings or Administrative Templates folders.

C. Domain GPOs can be linked to Active Directory sites. D. The gpedit.msc tool can be used to edit local GPOs.

Which of the following are true about GPOs? (Choose all that apply.) A. Local GPOs override domain GPOs. B. Domain GPOs are stored on member servers. C. Domain GPOs can be linked to Active Directory sites. D. The gpedit.msc tool can be used to edit local GPOs.

Local Security Policy

Windows has a preconfigured MMC called ________________________ that enables you to edit policies in just the Security Settings node of the local GPO.

B. Create an ADMX store in the SYSVOL share and copy the ADMX files to the ADMX store.

You have been working with ADMX files to modify existing Administrative Templates and create new templates. You work on different domain controllers depending on your location. Despite a concerted effort, your ADMX files are getting out of sync. How can you solve this problem? A. Remove group policy management tools from all but one domain controller so that policies can be managed from only one computer. B. Create an ADMX store in the SYSVOL share and copy the ADMX files to the ADMX store. C. Create an ADMX store in Active Directory and move all your ADMX files to Active Directory. D. Share the %systemroot%\PolicyDefinitions folder on all your domain controllers and set up Task Scheduler to copy ADMX files automatically from one system to all other systems.

C. Disable the Apply once and do not reapply option.

You have configured a group policy preference that creates a VPN connection for all computers in the GPO's scope. One user says the connection was there yesterday, but it's no longer showing in his Network Connections window. You suspect he might have deleted the connection accidentally. What can you do to make sure that the VPN connection is re-created even if a user deletes it? A. Configure the Read-only option. B. Configure item-level targeting. C. Disable the Apply once and do not reapply option. D. Disable the Remove this item when it is no longer valid option.

B. The policy setting is unmanaged.

You have configured a policy setting in the User Configuration node of a domain GPO and linked the GPO to OU-X. Later, you discover that you linked it to the wrong OU, so you unlink it from OU-X and link it to OU-Y, which is correct. A few days later, you find that users in OU-X still have the policy setting applied to their accounts. What's the most likely cause of the problem? A. Group policy settings haven't been refreshed. B. The policy setting is unmanaged. C. Users in OU-X have an item-level target filter configured. D. The GPO is disabled.

B. In the central store

You have created a custom administrative template. You want this template to be available to all DCs so that policies can be configured with it from any DC. Where should you save it? A. In %systemroot%\PolicyDefinitions B. In the central store C. In the root of the C: drive D. In ADUC

C. Open the file with ADMX Migrator.

You have installed an application that can be configured with Group Policy. The application came with a custom ADM file that must be replicated to all DCs. What should you do first? A. Copy the file to %windir%\PolicyDefinitions. B. Open the file with an XML editor and save it. C. Open the file with ADMX Migrator. D. Change the extension to .inf.

B. In the Group Policy Management Editor, configure a filter; set Managed to No, and enable Keyword Filters.

You need to find a policy related to an application that was installed a couple years ago. You know that the policy is persistent when the computer that it's applied to falls out of scope, but you can't remember its name. You remember a word or two that might be in the policy name or comments. What can you do to find this policy quickly? A. In the Group Policy Management console, create a policy search term; set Persistent to Any, and enable Full Text search. B. In the Group Policy Management Editor, configure a filter; set Managed to No, and enable Keyword Filters. C. In the Group Policy Management console, configure a search script; set Managed to Yes, and enable Requirements Filters. D. In the Group Policy Management Editor, configure a policy screen; set Persistent to Yes, and enable Title and Comments.

D. Configure an Internet Options preference and change the defaults in the Common tab.

You want all users to have the company home page and two other websites loaded in tabs when they start Internet Explorer, but you want them to be able to change their home pages if they like. What should you do? A. Configure an IE policy and set it to unmanaged. B. Configure an Internet Options preference and accept the default options in the Common tab. C. Configure an IE policy and enable the Allow user changes option. D. Configure an Internet Options preference and change the defaults in the Common tab.

B. Configure folder redirection in the User Configuration node of a GPO.

You want to centrally back up the files that users store in the Documents folder in their user profiles, but you don't want users to have to change the way they access their files. What's the best way to go about this? A. Deploy a script that copies files from the Documents folder to a share on a server. B. Configure folder redirection in the User Configuration node of a GPO. C. Deploy a Mapped Drive preference, and tell users to save their files to the mapped drive. D. Configure a backup policy in the Computer Configuration node of a GPO.

C. Save the script in the SYSVOL share

You want to deploy a logon script by using Group Policy. You have several sites connected via a WAN with a DC at each site. You want to make sure the script is always available when users log on from any computer at any location. What should you do? A. Create a share on the fastest DC in the network and save the script there. B. Send the script via email to all users and have them save it locally. C. Save the script in the SYSVOL share. D. Copy the script to cloud storage.

C. Publish the package under the User Configuration node.

You want to deploy a software package that's available to all users in the domain if they want to use it, but you don't want the package to be installed unless a user needs it. How should you configure the software installation policy? A. Publish the package under the Computer Configuration node. B. Assign the package under the Computer Configuration node. C. Publish the package under the User Configuration node. D. Assign the package under the User Configuration node.

A. Configure item-level targeting.

You want to set a Group Policy preference that affects only computers with a CPU speed of at least 4.0 GHz. What's the best way to do this? A. Configure item-level targeting. B. Move all computers meeting the criteria to a separate OU. C. Configure the group policy client on each computer with this type of CPU. D. Create a WMI filter with the Group Policy Management Editor.

A. Run Security Configuration and Analysis on the computer to compare its security settings against a security database.

You're concerned that some domain controllers and workstations don't meet security requirements. What should you do to verify security settings on a computer against a list of known settings? A. Run Security Configuration and Analysis on the computer to compare its security settings against a security database. B. Open the Group Policy Management console on the computer, click the Security node, and run Group Policy Results. C. Run secpol.msc on the computer and use Group Policy Modeling. D. Use secedit /configure on the computer and read the report that's generated.

A. Check the versionNumber attribute of the GPC and open the GPT.ini file.

You're having replication problems with your GPOs and suspect that the version numbers have somehow gotten out of sync between the GPT and the GPC. What can you do to verify the version numbers on a GPO? A. Check the versionNumber attribute of the GPC and open the GPT.ini file. B. Check the versionNumber attribute of the GPT and open the GPC.ini file. C. Right-click the GPO in the Group Policy Management console, click Properties, and view the version in the General tab. D. Right-click the GPO in the Group Policy Management Editor, click Properties, and view the version in the General tab.

Assigned application

An option of deploying software to users, that can be installed automatically when a user logs onto a computer in the domain, or it can be set to install automatically if a user opens a file associated with the application.

Published application

An option of deploying software to users, where rather than the application installing automatically, a link to install the application is made available under Control Panel's Programs and Features.

Every 90 minutes

Computer configuration policies are updated how often after their initial installation?

User Account Control Policies

Policies that determine what happens on a computer when a user attempts to perform an action that requires elevation.

.ps1

PowerShell scripts should be saved using what extension?

.admx

What file extension is used by administrative template files?

.adm

What file extension was used in place of .admx prior to Windows Vista and Server 2008?

User

What folder contains subfolders that store policy settings related to the User Configuration node?

%systemroot%\SYSVOL\sysvol\System\Policies

What folder is the Group Policy Container (GPC) stored in?

Command script

What is the alternate name for a batch file?

gpedit.msc

What is the command to open the Group Policy console?

%systemroot%\SYSVOL\sysvol\domain\Policies

What is the local path to GPT folders on a domain controller?

0, 3

What value under status indicates that the GPO is enabled? What value is used to indicate that the GPO is disabled?

C. In a folder named the same as the GUID of the GPO in the SYSVOL share

Where is a GPT stored? A. In a folder named the same as the GPO in the SYSVOL share B. In a folder named the same as the GUID of the GPO in Active Directory C. In a folder named the same as the GUID of the GPO in the SYSVOL share D. In a folder named the same as the GPO in Active Directory

A. Local Administrators D. Local Non-Administrators

Which of the following are local GPOs on a Windows 10 computer? (Choose all that apply.) A. Local Administrators B. Local Default User C. Local Default Domain D. Local Non-Administrators

B. Link it to a container. D. Use the Group Policy Objects folder of the Group Policy Management console.

Which of the following are methods for creating a GPO? (Choose all that apply.) A. Use Active Directory Users and Computers. B. Link it to a container. C. Use an XML editor. D. Use the Group Policy Objects folder of the Group Policy Management console.


Related study sets

Resistance/ Conductance/ Ohm's Law

View Set

Critical Thinking, Implementing Nursing Care, Nursing Diagnosis, Planning Nursing Care

View Set

English Unit 2: Becoming a Nation

View Set