Your network contains an Active Directory domain named contoso.com. The domain contains 100 user
accounts that reside in an organizational unit (OU)named OU1.
You need to ensure that a user named User1 can linkand unlink Group Policy objects (GPOs) to 0U1.
The solution must minimize the number of permissions assigned to User1.
What should you do?
A.
Add User1 to the Group Policy Creator Owners group.
B.
Run the Set-GPPermissioncmdiet.
C.
Modify the permission on the \\Contoso.com\SYSVOL\Contoso.com\Policies folder.
D.
Run the Delegation of Control Wizard on OU1.
Explanation:
Set-GPPermission
Grants a level of permissions to a security principal for one GPO or all the GPOs in a domain.
Grants a level of permissions to a security principal (user, security group, or computer) for one GPO or all the
GPOs in a domain.
Answer: D
Set-GPPermission grants a level of permission such as read or write, Delegation can grant permission to link/unlink GPO Only
as per observation, if answer without D, we can select B
Answer: D
Explanation:
Set-GPPermission grants a level of permission such as read or write, Delegation can grant permission to link/unlink GPO Only
To delegate Group Policy object linking
Open Active Directory Users and Computers.
Right-click the organizational unit to which you want to delegate the right to link Group Policy objects, and then click Delegate Control.
In the Delegation of Control Wizard, click Next, and then click Add.
In the Select Users, Computers, or Groups dialog box, enter the object name to select, and then click OK, and then click Next.
On the Task to Delegate page, in Delegate the following common tasks, select the Manage Group Policy links check box, and then click Next.
Click Finish.
Set-GPPermission
Grants a level of permissions to a security principal (user, security group, or computer) for one GPO or all the GPOs in a domain.
Set-GPPermissions -All -PermissionLevel -TargetName -TargetType { | | } [-Domain ] [-Replace] [-Server ] [-Confirm] [-WhatIf] []
PermissionLevel
Specifies the permission level to set for the security principal. The valid permission levels are: GpoRead, GpoApply, GpoEdit, GpoEditDeleteModifySecurity or None.
http://technet.microsoft.com/en-us/library/ee461038.aspx
http://technet.microsoft.com/en-us/library/cc739345(v=ws.10).aspx