Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
45 Cards in this Set
- Front
- Back
- 3rd side (hint)
|
Abbrev : GPOs
|
Group Policy objects
|
|
|
|
Abbrev : GPMC
|
Group Policy Management Console
|
|
|
|
GPME
|
Group Policy Management Editor
|
|
|
|
Policy Setting states ?
|
A policy setting can have three states:
Not Configured, Enabled, and Disabled. |
|
|
|
A single GPO can be linked to more than one site or OU.
|
A single GPO can be linked to more than one site or OU.
|
|
|
|
What is the Scope of the GPO : Security Filters ?
|
You can narrow the <b>scope of the GPO<\b> with one of two types of filters:
Security Filters that specify global security groups to which the GPO should or should not apply. |
|
|
|
WMI
|
Windows Management Instrumentation
|
|
|
|
What do Windows Management Instrumentation (WMI) filters do for the scope of a GPO ?
|
Windows Management Instrumentation (WMI) filters that specify a scope,
using characteristics of a system such as operating system version or free disk space. |
|
|
|
Abbrev : RSoP ?
|
Resultant Set of Policy
|
|
|
|
What is the Resultant Set of Policy (RSoP) ?
|
Users or Computers are likely to be within the scope of multiple GPOs linked to the sites, domain, or OUs in which the users or computers exist.
This leads to the possibility that policy settings might be configured differently in multiple GPOs. You must be able to understand and evaluate the Resultant Set of Policy (RSoP), which determines the settings that are applied by a client when the settings are configured divergently in more than one GPO. |
|
|
|
Refresh settings for Policy settings in the Computer Configuration node ?
|
Policy settings in the Computer Configuration node are applied at
system startup and every 90–120 minutes thereafter. |
|
|
|
Policy Refresh settings User Configuration policy settings ?
|
User Configuration policy settings are
applied at logon and every 90–120 minutes thereafter. |
|
|
|
Manual Refresh of Group policy settings is done using ?
|
gpupdate.exe
/force /logoff /target: { computer | user } /wait: value /boot |
|
|
|
What are the tools associated with Group Policy Updation ?
|
Gpupdate
Secedit FLEX COMMAND FLEX COMMAND: Help in group updates of workstation. It can be applied directly to OUs etc |
|
|
|
Abbrev : CSEs
|
Client-Side Extensions
|
|
|
|
Security settings are reapplied every 16 hours even if a GPO has not changed.
|
Security settings are reapplied every 16 hours even if a GPO has not changed.
|
|
|
|
Always Wait For Network At Startup And Logon policy setting
|
Without this setting, by default, Windows XP and Windows Vista clients perform only background refreshes, meaning that a client might start up and a user might log on without receiving the latest policies from the domain.
|
|
|
|
GPSI
|
Group Policy Software Installation
|
|
|
|
startup,logon, logoff, and shutdown scripts will not run
if the user is disconnected from the Enterprise Network. |
startup,logon, logoff, and shutdown scripts will not run
if the user is disconnected from the Enterprise Network. |
|
|
|
If a user is disconnected from the Enterprise network does group policy still apply itself ?
|
Yes, The previously applied group policy settings are still applied.
|
|
|
|
The local GPO exists whether or not
the computer is part of domain, workgroup, or a non-networked environment. |
The local GPO exists whether or not
the computer is part of domain, workgroup, or a non-networked environment. |
|
|
|
By default, only the Security Settings policies
are configured on a system’s local GPO. All other policies are set at Not Configured |
By default, only the Security Settings policies
are configured on a system’s local GPO. All other policies are set at Not Configured |
|
|
|
When AD DS is installed,
two default GPOs are created ■ Default Domain Policy ■ Default Domain Controllers Policy |
■ Default Domain Policy : This GPO is linked to the domain and has no security group or WMI filters.
■ Default Domain Controllers Policy : This GPO is linked to the Domain Controllers OU. Because computer accounts for domain controllers are kept exclusively in the Domain Controllers OU, and other computer accounts should be kept in other OUs, this GPO affects only domain controllers. |
|
|
|
Abbrev: GUID ?
|
globally unique identifier
|
|
|
|
By default, when Group Policy refresh occurs, the CSEs apply settings in a GPO only if the GPO has been updated
|
By default, when Group Policy refresh occurs, the CSEs apply settings in a GPO only if the
GPO has been updated |
|
|
|
Describe the default Group Policy processing behavior, including refresh intervals and CSE application of policy settings
|
Every 90–120 minutes, the Group Policy Client service determines which GPOs are scoped to the user or computer and downloads any GPOs that have been updated, based on the GPOs’ version numbers.
CSEs process the policies in the GPOs according to their policy processing configuration. By default, most CSEs apply policy settings only if a GPO has been updated. Some CSEs also do not apply settings if a slow link is detected. |
|
|
|
Abbrev : DRA
|
Directory Replication Agent
|
|
|
|
Group Policy Storage ?
|
The GPC is an Active Directory object stored in the Group Policy Objects container
within the domain naming context of the directory. Like all Active Directory objects, each GPC includes a globally unique identifier (GUID) attribute that uniquely identifies the object within Active Directory. The GPC defines basic attributes of the GPO, but it does not contain any of the settings. The settings are contained in the GPT, a collection of files stored in the SYSVOL of each domain controller in the %SystemRoot%\SYSVOL\Domain\Policies\GPO GUID path, where GPO GUID is the GUID of the GPC. When you make changes to the settings of a GPO, the changes are saved to the GPT of the server from which the GPO was opened |
|
|
|
Scripting Languages that can be used to write code for Group Policy in Windows Server 2008
|
Microsoft Visual Basic, Scripting Edition (VBScript), Microsoft JScript, Perl, and Microsoft MS DOS style batch files (.bat and .cmd).
|
|
|
|
GPO is actually two components: a
Group Policy Container (GPC) and Group Policy Template (GPT) |
GPO is actually two components: a
Group Policy Container (GPC) and Group Policy Template (GPT) |
|
|
|
Abbrev : KCC
|
Knowledge Consistency Checker
|
|
|
|
How is Group Policy Container GPC of GPO replicated ?
|
The GPC in Active Directory is replicated by the Directory Replication Agent (DRA) using a topology generated by the Knowledge Consistency Checker (KCC).
|
|
|
|
The GPT in the SYSVOL is replicated using one of two technologies.
The File Replication Servicev(FRS) is used to replicate SYSVOL in domains running Windows Server 2008, Windows Server 2003, and Windows 2000. If all domain controllers are running Windows Server 2008, you can configure SYSVOL replication, using Distributed File System Replication (DFS-R), a much more efficient and robust mechanism. |
The GPT in the SYSVOL is replicated using one of two technologies.
The File Replication Servicev(FRS) is used to replicate SYSVOL in domains running Windows Server 2008, Windows Server 2003, and Windows 2000. If all domain controllers are running Windows Server 2008, you can configure SYSVOL replication, using Distributed File System Replication (DFS-R), a much more efficient and robust mechanism. |
|
|
|
What does the Group Policy Verification Tool Gpotool.exe do ?
|
Gpotool.exe is used to troubleshoot GPO status,
including problems caused by the replication of GPOs, leading to inconsistent versions of a GPC and GPT |
|
|
|
In both the Computer Configuration and User Configuration nodes,
the Administrative Templates node contains registry-based Group Policy settings. |
In both the Computer Configuration and User Configuration nodes,
the Administrative Templates node contains registry-based Group Policy settings. |
|
|
|
Policies in the Administrative Templates node in the Computer Configuration node modify
registry values in the HKEY_LOCAL_MACHINE (HKLM) k |
Policies in the Administrative Templates node in the Computer Configuration node modify
registry values in the HKEY_LOCAL_MACHINE (HKLM) k |
|
|
|
Policies in the Administrative Templates node in the
User Configuration node modify registry values in the HKEY_CURRENT_USER (HKCU) key. |
Policies in the Administrative Templates node in the
User Configuration node modify registry values in the HKEY_CURRENT_USER (HKCU) key. |
|
|
|
ADM and ADMX/ADML administrative templates can coexist.
These are administrative templates files |
ADM and ADMX/ADML administrative templates can coexist.
These are administrative templates files |
|
|
|
Another new Group Policy feature in Windows Server 2008 is starter GPOs.
A starter GPO contains Administrative Template settings |
Another new Group Policy feature in Windows Server 2008 is starter GPOs.
A starter GPO contains Administrative Template settings |
|
|
|
Starter GPOs can contain only Administrative Templates policy settings.
|
Starter GPOs can contain only Administrative Templates policy settings.
|
|
|
|
You can centralize the management of administrative templates by creating a central store
|
You can centralize the management of administrative templates by creating a central store
|
|
|
|
Windows Server 2008 also adds the ability to attach comments to GPOs and policy settings
|
Windows Server 2008 also adds the ability to attach comments to GPOs and policy settings
|
|
|
|
1. Litware, Inc., has three business units,
each represented by an OU in the litwareinc.com domain. The business unit administrators want the ability to manage Group Policy for the users and computers in their OUs. Which actions do you perform to give the administrators the ability to manage Group Policy fully for their business units? (Choose all that apply. Each correct answer is a part of the solution.) A. Copy administrative templates from the central store to the Policy Definitions folder on the administrators’ Windows Vista workstations. B. Add business unit administrators to the Group Policy Creator Owners group. C. Delegate Link GPOs permission to the administrators in the litwareinc.com domain. D. Delegate Link GPOs permission to the each business unit’s administrators in the business unit’s OU. |
1. Correct Answers: B and D
A. Incorrect: The central store is used to centralize administrative templates so that they do not have to be maintained on administrators’ workstations. B. Correct: To create GPOs, the business unit administrators must have permission to access the Group Policy Objects container. By default, the Group Policy Creator Owners group has permission, so adding the administrators to this group will allow them to create new GPOs. C. Incorrect: Business unit administrators require permission to link GPOs only to their business unit OU, not to the entire domain. Therefore, delegating permission to link GPOs to the domain grants too much permission to the administrators. D. Correct: After creating a GPO, business unit administrators must be able to scope the GPO to users and computers in their OU; therefore, they must have the Link GPOs permission. |
|
|
|
You are an administrator at Contoso, Ltd.
The contoso.com domain has a child domain, es.contoso.com, for the branch in Spain. Administrators of that domain have asked you to provide a Spanish-language interface for Group Policy Management Editor. How can youprovide Spanish-language versions of administrative templates? A. Log on to a domain controller in the es.contoso.com domain, open %SystemRoot% \SYSVOL\domain\Policies\PolicyDefinitions, and copy the ADM files to the ESfolder. B. Copy ADML files to the \\es.contoso.com\SYSVOL\es.contoso.com\policies\PolicyDefinitions\es folder. C. Log on to a domain controller in the es.contoso.com domain, open %System- Root%\SYSVOL\domain\Policies\PolicyDefinitions, and copy the ADMX files to the ES folder. D. Install the Boot.wim file from the Windows Server 2008 CD on a domain controller in the child domain. |
|
|
|
|
You are an administrator at Contoso, Ltd. At a recent conference, you had a conversation
with administrators at Fabrikam, Inc. You discussed a particularly successful set of configurations you have deployed using a GPO. The Fabrikam administrators have asked you to copy the GPO to their domain. Which steps can you and the Fabrikam administrators perform? A. Right-click the Contoso GPO and choose Save Report. Create a GPO in the Fabrikam domain, right-click it, and choose Import. B. Right-click the Contoso GPO and choose Back Up. Right-click the Group Policy Objects container in the Fabrikam domain and choose Restore From Backup. C. Right-click the Contoso GPO and choose Back Up. Create a GPO in the Fabrikam domain, right-click it, and choose Paste. D. Right-click the Contoso GPO and choose Back Up. Create a GPO in the Fabrikam domain, right-click it, and choose Import Settings. |
Correct Answer: D
A. Incorrect: A saved report is an HTML or XML description of a GPO and its settings. It cannot be imported into another GPO. B. Incorrect: The Restore From Backup command is used to restore a GPO in its entirety. C. Incorrect: You cannot paste settings into a GPO. D. Correct: You can import settings to an existing GPO from the backed-up settings of another GPO. |
|
