1. | After assigning an application in a GPO that is linked to an organizational unit, you instruct the users to look for the application in their Start menu. They do not see the application. What do you need to do in order for the application to show up?
|
|
2. | To which of the following locations can GPOs be linked? (Choose all that apply.)
|
|
3. | A member of your administration team has edited the Default Domain Policy and the edit had an adverse affect. How can you restore the Default Domain Policy to its original settings?
|
|
4. | If you want to delegate authority to link GPOs at the domain level but do not want to add the user to the Domain Admins group, which of the following permissions should you give them?
|
|
5. | You have edited the Default Domain Policy and decide that you should make a backup of your changes in case something happens so that you can easily restore it. Which utility should you use to back up and restore the Default Domain Policy?
|
|
6. | You decide to set account lockout restrictions via Group Policy. Where will you link the GPO?
|
|
7. | You have all of your users separated into OUs based on job function and department. You decide to create a GPO and configure it to publish an application to everyone in the Accounting group so that when they click on a file that is associated with the application, the application will automatically load onto their system. Your accounting staff has ten employees in the main office, and one each in two other branches. Both branches are connected via a fast WAN connection that is not overconsumed. The application is only 2.5 MB and you have determined that it will not adversely affect the WAN link. Where is the best place to link the GPO?
|
|
8. | You have a network that consists of ten locations. All locations have sites defined. All users are grouped into OUs by job function and department. You have three domains in your forest. Your Atlanta, Detroit, and Cleveland offices have their own domains. Each of the ten offices holds users from every department in the company. You decide to implement IPSec settings for the Atlanta office, and you create a GPO with those settings. Where can you link the GPO? (Choose all that apply.)
|
|
9. | Software can be installed automatically by Group Policy as long as which of the following requirements is met?
|
|
10. | You are the administrator of a Windows Server 2003 forest that has three domains. You would like the members of the Domain Admins global group from the other domains to create GPOs for their own domains, but you would like final approval before they are implemented on the live network. The domain admins at the forest level should be the only users who have the ability to apply GPOs. What would be the best choice for this situation?
|
|
Answers
1. | D. Application assignment takes effect at logon only, so the user will need to log on and log off their computer for the changes to apply. |
2. | A, B, D. GPOs can only be applied to sites, domains, and OUs. |
3. | A. The command line utility dcgpofix.exe is a new utility that is included with Windows Server 2003. It allows an administrator to restore the Default Domain Policy. |
4. | C. In order to link GPOs at the domain level, a user will need to be a member of the Domain Admins global group, or have the Manage Group Policy Links permission delegated to them. |
5. | D. The GPMC allows you the ability to back up and restore GPOs. This utility lets you back up and restore custom GPOs, as well as the built-in Default Domain Policy and Default Domain Controllers Policy. If you have modified the Default Domain Policy or the Default Domain Controllers Policy, the GPMC s backup and restore policy can recover the changed policies so that you do not lose your changes. This is a better solution than dcgpofix , because dcgpofix will only let you restore the Default Domain Policy and Default Domain Controllers Policy back to their default settings. Windows 2003 Backup will back up and restore the system state of the server, but not individual GPOs and ASR will back up and restore the operating system in case of a disaster, but just like Backup, it will not back up the individual GPOs. |
6. | B. Although there are guidelines when it comes to linking GPOs, there are also times when linking at certain levels is required. Some settings, such as account lockout settings, can only be set at the domain level. You will not be able to set any of the account policy, lockout policy or Kerberos policy settings anywhere but the Default Domain Policy. |
7. | B. Based on the criteria listed in the question, it would make the most sense to link the GPO at the Accounting OU. The majority of users are located in one office, and only two users are located at remote branches. Both of those branches have fast connections, so installation is not going to overconsume bandwidth on the WAN links. |
8. | A, C. Because the Atlanta office has its own domain and its own site, either of these locations would suffice. |
9. | B. IntelliMirror is a Microsoft technology that Group Policy takes advantage of to push out software packages. In order for Group Policy to automate application installation, the software must be written with IntelliMirror in mind. |
10. | C. The Domain Admins group will have rights to edit GPOs for their own domain. If you remove the Link Group Policy Object right from the users in the Domain Admins group, they will be able to edit existing GPOs and create new GPOs, but they will not be able to implement new GPOs. (However, smart administrators will be able to change their permissions back!) |