You need to ensure that the domain’s Backup Operators group is a member of the local Backup Operators group on each member server

Your network contains an Active Directory domain named adatum.com.
The computer accounts for all member servers are located in an organizational unit (OU) named Servers.
You link a Group Policy object (GPO) to the ServersOU.
You need to ensure that the domain’s Backup Operators group is a member of the local Backup Operators
group on each member server. The solution must not remove any groups from the local Backup Operators
groups.
What should you do?

Your network contains an Active Directory domain named adatum.com.
The computer accounts for all member servers are located in an organizational unit (OU) named Servers.
You link a Group Policy object (GPO) to the ServersOU.
You need to ensure that the domain’s Backup Operators group is a member of the local Backup Operators
group on each member server. The solution must not remove any groups from the local Backup Operators
groups.
What should you do?

A.
Add a restricted group named adatum\Backup Operators. Add Backup Operators to the This group is a
member of list.

B.
Add a restricted group named adatum\Backup Operators. Add Backup Operators to the Members of this
group list.

C.
Add a restricted group named Backup Operators. Add adatum\Backup Operators to the This group is a
member of list.

D.
Add a restricted group named Backup Operators. Add adatum\Backup Operators to the Members of this
group list.

Explanation:
A: The Member Of list specifies which other groups the restricted group should belong to B: Needs to be added
to member of list
C: Wrong group
D: Wrong group
Restricted groups allow an administrator to define two properties for security-sensitive groups (that
is,”restricted” groups).
The two properties are Members and Member Of . The Members list defines who should and should not
belongto the restricted group. The Member Of list specifies which other groups the restricted group should
belong to.
When a restricted Group Policy is enforced, any current member of a restricted group that is not on
theMembers list is removed. Any user on the Memberslist which is not currently a member of the
restrictedgroup is added.
The Restricted Groups folder is available only in Group Policy objects associated with domains, OUs,and sites.
The Restricted Groups folder does not appear in theLocal Computer Policy object.
If a Restricted Group is defined such that it has no members (that is, the Members list is empty), then
allmembers of the group are removed when the policyis enforced on the system. If the Member Of list is
emptyno changes are made to any groups that the restricted group belongs to. In short, an empty Members
listmeans the restricted group should have no members while an empty Member Of list means “don’t care”
whatgroups the restricted group belongs to.

http://technet.microsoft.com/en-us/library/cc957640.aspx



Leave a Reply 16

Your email address will not be published. Required fields are marked *


Ebrahim Hasan

Ebrahim Hasan

The correct answer is ‘D’ because the question clearly said that “You need to ensure that the domain’s Backup Operators group is a member of the local Backup Operators
group”. This means that the domain’s Backup Operators group will be a member of the local Backup Operators group.
So you have to add a restricted group named Backup Operators and then you add the domain’s Backup Operators group into the “member of” list of the local Backup Operators group.

Gb

Gb

Wrong, because the question also says “The solution must not remove any groups from the local Backup Operators groups.”
If you do it like you described, you will suceed but the other groups will be remove.

Ans A is correct, create a group adatum\Backup Operators and on the settings inlcude to “This group is a member of”, the local Backup Operators.
This way the local Backup Operators group will retain its members and include adatum\Backup Operators.

If it still not clear watch https://www.youtube.com/watch?v=9INahehBtVI

Peter

Peter

I watched it and the answer is A definitelly

SQD

SQD

The correct answer is still ‘A’.

Paige

Paige

But it won’t do anyone any good unless you can attract readers to your articles.
When marketing outsourcing is used, every strategy, every media, and
ev. Marketing plans for sports should follow all of these
guidelines to create the ultimate plan for their goals.

han

han

Answer should be A.
Read the question to the end. You should not remove any existing groups from the local Backup Operators. So, you can only use ‘Memeber of’ section.
Now you want to add Domain Backup Operators group to local Backup Operators group.
So you create ‘Domain\Backup Operators’ and add local ‘Backup Operators’ to ‘This group is member of’.

Note, ‘This Group is member of’ is used to add new group not clearing existing membership. Also, this restricted group is for local group, but you can begin adding with domain group or local group. Confused? Watch the video posted by SQD.

han

han

This is my note, it may help to understand difference between the members and member of list in Restricted Group:

*Group Policy/Computer Configuration/Windows Settings/Security Settings/Restricted Groups:
-You can start create an entry adding domain or local group account.

-Members of this group:
Usually used for adding domain group to local group. It clears existing membership and add new groups in the ‘Members’ list.

ex) Clear and Add only Domain backup operators to local backup operators.
Type and add ‘Backup Operators'(local Backup operators) to create an entry, then add ‘Domain\Backup Operators’.

-‘This group is a member of’:
Used when just adding domain group to local group not clearing the existing list.
ex) Add Domain backup operators to local backup operators group.
Type and add ‘Domain\Backup Operators’ (Domain backup operators) to create an entry, then add ‘Backup Operators’ (local backup operators).

JohnyBoy

JohnyBoy

The restricted group must be named “Backup Operators”

Now it’s clear that adatum\backup operators must be member of the “Members of” list

http://technet.microsoft.com/en-us/library/cc756802(v=WS.10).aspx

The “Members” list will define the exact groups that will be added to the group.

Problem here is indeed english. Quite confusing.

But I believe answer is the one that have: “Member of list” sentence.

I vote C.

Ofmgladiator

Ofmgladiator

A is correct. If you right click and just add “Administrators”, then choose adatum/backup operators in “members of this group”, then all the other accounts will be deleted except from backup operators that you add.

You have to right click and choose “add group”, then type adatum\backup operators, then in the next dialog box, you choose “This group is a member of”, and add the local backup account there. This options will add adatum/backup operators, without deleting the other accounts.

confirmed it in my lab, and it works fine!

Ruslan

Ruslan

I’m absolutely sure that correct answer is A

Ali Dayi

Ali Dayi

The correct answer is C. As some people have suggested, this is the video to watch:
https://www.youtube.com/watch?v=9INahehBtVI

So the group to add must be LOCAL!
Add group —> Backup Operators

Then add the DOMAIN account to the member of list!

C is the right answer.

Jack Casey

Jack Casey

When you add the Restricted Group “Backup Operators”, it’s talking about a condition that will be placed on the local Backup Operators group located on each server. It goes in as just “Backup Operators” (not “adatum\Backup Operators”) so that puts it between C and D. The goal is to make the domain Backup Operators group a member of the local Backup Operators group on each server, so the answer is D “Members of this group”.

Gb

Gb

After watching the youtube link posted above, I am pretty shure A is correct.
you will add adatum\Backup Operators to local Backup Operators without overwriting, just adding.

Ali

Ali

“The solution must not remove any groups from the local Backup Operators
groups.” —-> The solution must be A or C (“This group is a member of”).

by practice, We can’t add a restricted group named “adatum\Backup Operators”, although “Backup Operators” here is the domain group since we use “This group is a member of” list

The solution is C