Apply Your Knowledge

1.

From the Start menu, click Start, Control Panel, Administrative Tools, Group Policy Management.

2.

In the left pane, expand the domain, and then expand the Kansas City\Users container. Right-click the Users OU and select Create and Link a GPO Here.

3.

When prompted, name the GPO Desktop Background.

4.

In the GPO container, right-click the new GPO and select Edit from the pop-up menu.

5.

This opens the Group Policy Object Editor. Select User configuration, Administrative Templates, Desktop, Active Desktop. In the right pane, double-click the Active Desktop Wallpaper entry.

6.

This opens the Active Desktop Wallpaper Properties dialog box. Select the Enable button, and then enter c:\windows\greenstone.bmp in the Wallpaper Name field. Click OK to save.

7.

In the right pane, double-click the Enable Active Desktop entry.

8.

This opens the Active Desktop Properties dialog box. Select the Enable button, and then click OK to save.

9.

Close the Group Policy Object Editor.

10.

Back in the GPMC, with the Desktop Background GPO selected, click the Delegation tab.

11.

Highlight the Authenticated Users entry and click the Remove button.

12.

Click the Add button, add the Managers group, and give them Read permissions.

13.

On your test server or workstation, log on using any user account.

14.

Open a command window and run the gpupdate command. Close the command window.

15.

Log off the test machine.

16.

Log on the test machine using an account that is a member of the Managers group. You should see the Greenstone desktop background.

17.

Log off the test machine.

18.

Log on the test machine using an account that is not a member of the Managers group. You should see the default desktop background.

You are the network administrator for FlyByNight Airlines. The network consists of a single Active Directory domain. The functional level of the domain is Windows 2000 native. All network servers run Windows Server 2003, and all client computers run Windows XP Professional.

Some of your users are complaining that because you implemented a set of new group policies, it's taking noticeably longer for them to log on to their computers. You check your GPOs and notice that the affected users are having 10 GPOs applied5 with users settings and 5 with computer settings. What can you do to speed up their logon times?

You are the network administrator for FlyByNight Airlines. The network consists of a single Active Directory domain. The functional level of the domain is Windows 2000 native. All network servers run Windows Server 2003, and all client computers run Windows XP Professional.

You assign one of your junior administrators to create a GPO that changes the desktop on all the PCs in the Maintenance OU. He will need to link it to that GPO when it's completed.

Which of the following default groups must he be assigned to?

You are the network administrator for FlyByNight Airlines. The network consists of a single Active Directory domain. The functional level of the domain is Windows 2000 native. All network servers run Windows Server 2003, and all client computers run Windows XP Professional.

You assign one of your junior administrators to create a GPO that changes the desktop on all the PCs in the Kansas City Site. He will need to link it to that GPO when it's completed.

Which of the following default groups must he be assigned to?

You are the network administrator for CheapRides.com. The network consists of a single Active Directory domain, with a mixture of Windows XP Professional and Windows NT clients.

The general manager calls and says that he wants all users to have a standard desktop background with the company logo.

What would you do to accomplish this task?

You are the network administrator for CheapRides.com. The network consists of a single Active Directory domain. All network servers run Windows Server 2003, and all client computers run Windows XP Professional.

The general manager of the Kansas City location wants his users to have their own custom desktop settings. There is already a Corporate GPO in place with the corporate settings. The Kansas City users and computers are located in a separate OU named Kansas City.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

D. Because the computer section of the GPO is applied at machine startup, and the user section is applied at user logon, the best solution is to disable the user section in the GPOs that contain only computer settings. This would keep the system from trying to process them, and cut down on the logon overhead. Changing the order of the GPOs wouldn't help because everything still needs to be processed. The functional level of the domain is not the cause of the problem. See "Group Policy Overview."

A. By default, only members of the Enterprise or Domain Admins groups can link GPOs to a domain or OU, and only Enterprise Admins can link GPOs to sites. Members of the Group Policy Creator Owners group can create GPOs; however, they cannot link them to an object. The other groups are not default groups. See "Linking GPOs."

D. By default, only members of the Enterprise or Domain Admins groups can link GPOs to a domain or OU, and only Enterprise Admins can link GPOs to sites. Members of the Group Policy Creator Owners group can create GPOs; however, they cannot link them to an object. The other group is not a default group. "See Linking GPOs."

D. Group Policy is not supported on pre-Windows 2000 clients, so the task cannot be accomplished with the listed options. See "Group Policy Overview."

A and C. To accomplish this task, you will need to configure a new GPO, link it to the Kansas City OU, and block GPO inheritance on the properties page of the OU. See "Blocking Group Policy Inheritance."