You need to ensure that a user named User1 can linkand unlink Group Policy objects (GPOs) to OU1

Your network contains an Active Directory domain named contoso.com. The domain contains 100 user
accounts that reside in an organizational unit (OU)named 0U1.
You need to ensure that a user named User1 can linkand unlink Group Policy objects (GPOs) to OU1.
The solution must minimize the number of permissions assigned to User1.
What should you do?

Your network contains an Active Directory domain named contoso.com. The domain contains 100 user
accounts that reside in an organizational unit (OU)named 0U1.
You need to ensure that a user named User1 can linkand unlink Group Policy objects (GPOs) to OU1.
The solution must minimize the number of permissions assigned to User1.
What should you do?

A.
Modify the permissions on OU1.

B.
Run the Set-GPPermissioncmdlet.

C.
Add User1 to the Group Policy Creator Owners group.

D.
Modify the permissions on the User1 account.



Leave a Reply 6

Your email address will not be published. Required fields are marked *


Green Hosting

Green Hosting

the answer for this question is very confusing

If there is “Run the Delegation of Control Wizard on OU1.” this will be the answer

if without this, I do see some dump mention “Run the Set-GPPermissioncmdlet.”

some others mention “Modify the permissions on OU1.”

so which one is correct?

Some Body

Some Body

B seem to be the only logical answer. Set-GPPermissioncmdlet Grants a level of permissions to a security principal (user, security group, or computer) for one GPO or all the GPOs in a domain.

I can’t see how Modifying the permissions on OU1 would help.

If you go through the delegation wizard, there is a “Manage GPO links” option, so that would be and option if its available.

Peter

Peter

Technet for Set-GPPermissions says “The valid permission levels are: GpoRead, GpoApply, GpoEdit, GpoEditDeleteModifySecurity or None.” – so we have problem with minimize permissions with this.

So, for me answer A with delegation option.

Mark Baker

Mark Baker

I think A is the correct answer. As I understand it running the Delegation wizard simply modifies the permissions of the OU, so Answer A is the manual equivalent of the wizard.
The Set-GPPermission cmdlet Grants a level of permissions to a security principal (user, security group, or computer) for one GPO or all the GPOs in a domain. The question asks that user 1 can link and unlink objects, so you would have to use Set-GPPermission for every GPO they needed to link/unlink which doesnt minimize the number of permissions assigned to User1.

Mark

Mark

Answer is indeed A:

Go into Group Policy Management. Click on an OU. Go to the Delegation tab>

The following groups and users have the selected permissions for the OU:

You then have a drop down menu of PERMISSIONS. One of those being Link GPO’s. Also “Perform Group Policy and Modeling Analysis” and “Read Group Policy Results Data”

M Chung

M Chung

This seems to be a more correct form of the question (and answers):

Your network contains an Active Directory domain named contoso.com. The network contains 500 client computers that run Windows 8. All of the client computers connect to the Internet by using a web proxy. You deploy a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. You configure all of the client computers to use Server1 as their primary DNS server. You need to prevent Server1 from attempting to resolve Internet host names for the client computers. What should you do on Server1?

A. Configure the Security settings of the contoso.com zone.
B. Remove all root hints.
C. Create a primary zone named “.”.
D. Create a primary zone named “root”.
E. Create a primary zone named “GlobalNames”.
F. Create a forwarder that points to 169.254.0.1.
G. Create a stub zone named “root”.
H. Create a zone delegation for GlobalNames.contoso.com.

Answer: BC