Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
38 Cards in this Set
- Front
- Back
|
What is the least and most influencial of all GPOs?
|
The local group policy is the least and the Organizational Unit (OU) is the greatest.
L S D OU (least to most) |
|
|
What permissions are necessary for a group to delegate control of a GPO?
|
Read and Write.
|
|
|
What is the format of a Group Policy's name?
|
[GivenName] [DCname.domainname] Policy
Example: IT logon [dc1.semcogdom.local] Policy |
|
|
What GP settings are found in both the computerand user configuration settings?
|
Software Settings
Windows Settings Administrative Templates |
|
|
Desribe the difference between "assigning" and "publishing" applications via GP.
|
Assigning installs the application whereas publishing makes it available. You cannot publish to a computer; only a user.
|
|
|
In Group Policies, what are the two items under Windows Settings that are under both Computers and Users?
|
Scripts and Security Settings.
|
|
|
What scripting languages work in GP?
|
VBScript, JScript, Perl, and MS-DOS batch (.bat and .cmd) files.
|
|
|
The settings under Administrative Templates that are common to both Computers and Users are?
|
Windows Components
System Network. |
|
|
Where in the registry are the Administrative Template settings kept for Computers and Users?
|
Computers: HKLM - HKEY_LOCAL_MACHINE.
Users: HKCU - HKEY_CURRENT_USER |
|
|
What two services start as the computer boots to obtain an ordered list of GPOs?
|
Remote Procedure Call System Service (RPCSS) and
Multiple Universal Naming Convention Provider (MUP) |
|
|
What if two GPs have conflicting settings and both are set to "No Override"?
|
The GP hiest in the Active Directory hierarch takes precedence.
|
|
|
To where is the Block Policy Inheritance applied? To the GPO, to the GPO link or to hte Site, domain or OU?
|
Block Policy Inheritance is applied to the entire Site, domain or OU, thus deflecting all GP settings that reach it.
|
|
|
In Active Directory, what is Loopback?
|
An exception in the order GPs are applied. Often used for Kiosks, laboratories and classrooms.
|
|
|
In the order of GPs being applied, what is the Replace mode?
|
Computer GPOs replace the user GPOs.
|
|
|
Which GPs prevail, an inherited GP or an explicitly applied GP?
|
Explicitly applied GP.
|
|
|
Are "not configured" settings passed on to child containers?
|
No. Enabled and disabled are.
|
|
|
What are the default permissions of Authenticated Users in GPOs?
|
Read, Apply Group Policy, Special Permissions
|
|
|
What are teh default permissions of Creator Owner in GPOs?
|
Special Permissions
|
|
|
Of the GPOs linked to a location, what order are they processed in and which ones have the highest priority?
|
The highest priority is the GPO at the top. The processing starts at the bottom and may be overridden by subsequent GPOs.
|
|
|
Where do you configure the Loopback setting?
|
In the settings of the GPO itself. Computers > Administrative Templates > System > Group Policy > "Use Group Policy Loopback processing mode."
|
|
|
What are the two modes of the Loopback Processing Mode?
|
Replace: Replaces the user settings with the computer settings.
Merge: Appends the group policy at logon with the startup computer policy. |
|
|
If you want to filter out a GPO so it does not apply to some user/group, what, besides the obvious "Apply Group Policy", do you select "Deny"?
|
Read
|
|
|
List "Employing Group Policy Best Practices", p 318
|
1. Disable unused portions of Goup Policy, Computer or User.
2. Avoice regualr use of Block Policy Inheritance and No Override. Make troubleshooting more complicated. 3. Minimize the number of GPOs applied to users and computers. Slows down boot process. 4. Filter policies based on security group membership. These users/groups do not process those GPOs. |
|
|
There are 5 security groups by default for each new GPO. List them and their permissions.
|
1. Authenticted Users - Read & Apply Group Policy.
2. Creator Owner - None. All blank. Special Permissions all apply to child objects 3. Domain Admins - All but Full and Apply Group Policy 4. Enterprise Admins - Same as above. 5. System - Same as above. |
|
|
In User Configuration, what is the only Security Setting that can be set?
|
To Create a Certificate Trust list.
|
|
|
Under Computer Configuration, the security settings are broken down into 9 areas. What are they?
|
1. Account Policies.
2. Local Policies. 3. Event Log. 4. Restricted Groups. 5. System Services. 6. Registry Services. 7. File System. 8. Public Key Policies. 9. IP Security Policies. |
|
|
Why should you not configure account policies for OUs that do not contain any computers?
|
Because account policies are only in the Computer Configuration section.
|
|
|
Why is there a minimum password age setting?
|
Because combined with the "Enforce Password History" it prevents users from circumventing the Maximum Password Age policy.
|
|
|
What are the requirements of the "Passwords Must Meet Complexity Requirements"?
|
The password must contain at least one of each of the following: uppercase, lowercase, numbers, and symbols (!@#, etc.)
|
|
|
Can a user be added to a group even though their name is not in the Restricted Groups list?
|
Yes, but the next time that Group Policies are applied, they will be removed.
|
|
|
What is the purpose of Registry under the Security Settings of the Computer Configuration?
|
Allows you to set access permissions for registry keys and file system elements. It does not change the registry settings.
|
|
|
What are the three policies found under "IP Security Policies on Active Directory"?
|
1. Client (Respond Only) Computer supports but never initiates IPSec communication.
2. Secure Server (Require Security). Computer can only communicate using IPSec. 3. Server (Request Security). A computer attempts to initiate IPSec communication, but can still support unsecured communication if necessary. |
|
|
What is the old and the current command line commands for refreshing the GPOs?
|
Old: Secedit /refreshpolicy Machine_policy and user_policy.
Current: gpupdate. |
|
|
When an administrator tries to open a GPO and receives the message "Failed to Open the Group Policy Object, what is the root cause?
|
A failure in DNS.
|
|
|
What is the role of membership in security groups play in the administration of GPOs?
|
This is used ONLY for filtering. A user or computer MUST be in at least one security group that has the Read permission set to Allow and one security group that has the Apply Group Policy permission set to allow. The application of a GPO must come from the linking to a site, a domain or an Organizational Unit.
|
|
|
Which takes precedence, "Block Policy Inheritance" or "No Override"?
|
"No Override" wins.
|
|
|
How do you apply a GPO which is in a container that is not a Site, Domain or OU?
|
By linking it to an OU which is a parent of the container.
|
|
|
Why do shortcuts of a program which Windows Installer uninstalled, still appear on the desktop?
|
Because those were placed there by the user and the program has no knowledge of them.
|
