Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
61 Cards in this Set
- Front
- Back
|
Why is using Block Inheritance generally a bad idea?
|
it makes it difficult to determine precedence and inheritance
|
|
|
What should be used instead of Block Inheritance to control GPO application?
|
security group filtering
|
|
|
What does selecting Enforced for a GPO link do?
|
makes settings for that GPO override any conflicts with other GPO's
|
|
|
What happens when an OU has Block Inheritance but an upstream GPO link has Enforced set?
|
the GPO is applied
|
|
|
What two permissions are required for a GPO to apply to a user or computer?
|
Allow Read and Allow Apply Group Policy
|
|
|
What sort of groups can be used to filter GPO's?
|
global security groups only
|
|
|
What technology can be used to apply GPO's only to a particular class of machine (Windows XP, machines with SP3, etc.)?
|
Windows Management Instrumentation (WMI)
|
|
|
What tool is used to apply a WMI filter to Group Policy?
|
Group Policy Management (GPME)
|
|
|
What are two drawbacks of using WMI to filter Group Policy?
|
it has a heavy impact on performance and they can't be used by Windows 2000
|
|
|
What does a Windows 2000 machine do with a Group Policy Object with a WMI filter?
|
it will ignore the filter and apply the GPO
|
|
|
How can performance be optimized if a GPO contains only user or computer settings?
|
the unused node can be disabled
|
|
|
How can a GPO be used to assist in the case of a disaster, security incident, etc.?
|
Create an appropriate GPO, apply, and disable. Enable when needed.
|
|
|
What new technology eliminates some need for multiple GPO's?
|
Preferences
|
|
|
What order are GPO's applied in?
|
local, site, domain, OU
|
|
|
Which takes precedence, GPO's applied first or last?
|
GPO's applied later overwrite earlier GPO's
|
|
|
In what order are enforced GPO's added?
|
after non-enforced GPO's, then in reverse order (OU, domain, and site)
|
|
|
How often do Group Policy settings refresh by default?
|
every 90-120 minutes
|
|
|
What is Loopback Policy Processing?
|
a feature that allows user's settings on a particular computer to be controlled by the settings in the Computer node, rather than from User node
|
|
|
Where might Loopback Policy Processing be used?
|
in environments where it's important that a computer be configured a certain way no matter who logs on (conference rooms, classrooms, etc.)
|
|
|
Where is the User Group Policy Loopback Processing Mode policy located?
|
Computer Configuration\Policies\Administrative Templates\System\Group Policy
|
|
|
What are the two modes for User Group Policy Loopback Processing Mode?
|
Replace and Merge
|
|
|
What two tools are used (in addition to GPME) to support Group Policy administration?
|
Resultant Set of Policy (RSOP) and Group Policy Operational Logs
|
|
|
What three tools can be used to perform RSoP analysis?
|
Group Policy Results Wizard, Group Policy Modeling Wizard, and gpresult.exe
|
|
|
What tool can be used to predict the effects of a change on Group Policy?
|
Group Policy Modeling Wizard
|
|
|
What tool can be used to predict the effects of a change on Group Policy?
|
Group Policy Modeling Wizard
|
|
|
What tool is used to predict the effect of changes on Group Policy?
|
Group Policy Modeling Wizard
|
|
|
What are two settings in Restricted Groups policy settings?
|
This group is a member of (MemberOf) and Members of this group (Members)
|
|
|
What happens if multiple GPO's with the MemberOf policy are applied?
|
The effects are cumulative- all listed groups will be members
|
|
|
What happens if multiple GPO's with the Members policy are applied?
|
only the last GPO applied will take effect
|
|
|
What happens when one GPO specifies the Members of this group Restricted Groups policy and a later GPO specifies members with the This group is a member of policy?
|
membership is initially set by the first GPO, but other members are added by the later GPO
|
|
|
What format do security templates take?
|
text files with a .inf extension
|
|
|
What happens when a security template is applied to an Active Directory object?
|
the template becomes part of the GPO associated with the object
|
|
|
What happens when a security template is applied directly to a computer?
|
it becomes part of the computer's local policies
|
|
|
What is the procedure to apply a security template to a computer?
|
use Security Configuration and Analysis snap-in to create a database, import the template into the database, and apply the database
|
|
|
What command-line command performs the same functions as the Security Configuration and Analysis snap-in?
|
secedit.exe
|
|
|
What two advantages does secedit.exe have over the Security Configuration and Analysis snap-in?
|
it can be used in script and batch files, and it can be used to apply only part of a template?
|
|
|
What tool is used to create security policies?
|
the Security Configuration Wizard
|
|
|
What are security policies based on?
|
the roles the server performs
|
|
|
What command will change the location of the Security Configuration Wizard database files?
|
scw.exe /kb
|
|
|
What are the four categories in a security policy?
|
Role-Based Service Configuration, Network Security, Registry Settings, and Audit Policy
|
|
|
What does the Role-Based Service Configuration category of a security policy do?
|
defines the startup state of services based on a server's role
|
|
|
What does the Network Security category of a security policy do/
|
configures Windows Firewall
|
|
|
What does the Registry Settings category of a security policy do?
|
configures protocols used to communicate with other computers
|
|
|
What should you do if a security policy has an undesired effect?
|
start the Security Configuration Wizard and select Rollback The Last Applied Security Policy
|
|
|
What command-line command will launch the Security Configuration Wizard?
|
scwcmd.exe
|
|
|
What are the three methods of deploying a security policy?
|
with the Security Configuration Wizard, scwcmd.exe, and by transforming it into a GPO
|
|
|
What command will transform a security policy into a GPO?
|
scwcmd.exe transform
|
|
|
What format do security policies use?
|
XML
|
|
|
What is the successor to SMS?
|
Microsoft System Center Configuration Manager
|
|
|
What type of files does Windows Installer use?
|
MSI files
|
|
|
What two types of files can be used to customize Windows Installer packages?
|
Transform (.mst) and Patch (.msp) files
|
|
|
What is the difference between assigning and publishing applications?
|
assigned applications are mandatory, and published applications are optional
|
|
|
What entities can be assigned software?
|
users and computers
|
|
|
What entities can have software published to them?
|
users only
|
|
|
When is an application assigned to a user installed?
|
the first time a user activates the application
|
|
|
When is an application assigned to a computer installed?
|
when the computer starts
|
|
|
When is a published application installed?
|
When it is selected through Add/Remove Programs (XP) or Programs And Features (2008/Vista) or when a user opens a file type associated with the application
|
|
|
What is an SDP?
|
a shared folder from which users and computers can install published or assigned software
|
|
|
Why is it generally a better idea to assign a piece of software to a computer than to a user?
|
software licenses are generally per computer
|
|
|
What is the default definition of a slow link?
|
< 500Kb/second
|
|
|
What does GPSI do when it detects a slow link?
|
it does not install software
|
